Human factor, a critical weak point in the information security of an organization's Internet of things

Kwesi Hughes-Lartey; Meng Li; Francis E Botchey; Zhen Qin

doi:10.1016/j.heliyon.2021.e06522

Human factor, a critical weak point in the information security of an organization's Internet of things

Heliyon. 2021 Mar 16;7(3):e06522. doi: 10.1016/j.heliyon.2021.e06522. eCollection 2021 Mar.

Authors

Kwesi Hughes-Lartey^{1

2}, Meng Li^{1

3}, Francis E Botchey^{1

2}, Zhen Qin^{1

3

4}

Affiliations

¹ School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu, China.
² Computer Science Department, Koforidua Technical University, Koforidua, Ghana.
³ Institute of Electronic and Information Engineering UESTC in Guangdong, China.
⁴ Network and Data Security Key Laboratory of Sichuan Province, China.

Abstract

Internet of Things (IoT) presents opportunities for designing new technologies for organizations. Many organizations are beginning to accept these technologies for their daily work, where employees can be connected, both on the organization's premises and the "outside", for business continuity. However, organizations continue to experience data breach incidents. Even though there is a plethora of researches in Information Security, there "seems" to be little or lack of interest from the research community, when it comes to human factors and its relationship to data breach incidents. The focus is usually on the technological component of Information Technology systems. Regardless of any technological solutions introduced, human factors continue to be an area that lacks the required attention. Making the assumption that people will follow expected secure behavioral patterns and therefore system security expectations will be satisfied, may not necessarily be true. Security is not something that can simply be purchased; human factors will always prove to be an important space to explore. Hence, human factors are without a doubt a critical point in Information Security. In this study, we propose an Organizational Information Security Framework For Human Factors applicable to the Internet of Things, which includes countermeasures that can help prevent or reduce data breach incidents as a result of human factors. Using linear regression on data breach incidents reported in the United States of America from 2009 to 2017, the study validates human factors as a weak-point in information security that can be extended to Internet of Things by predicting the relationship between human factors and data breach incidents, and the strength of these relationships. Our results show that five breach incidents out of the seven typified human factors to statistically and significantly predict data breach incidents. Furthermore, the results also show a positive correlation between human factors and these data breach incidents.

Keywords: Data breach; Human behavior; Human factors; Information security; Internet of things.