Security and Privacy Issues Affecting the Adoption of the Internet of Things in Manufacturing Companies

Chapter One: Introduction

Background

Many firms consider having innovative and cutting-edge technologies that support business efficiencies while reducing the cost to allow long-term survival. Companies that fail to take creativity into account become less competitive and adaptable, denying them an opportunity to stay longer in the industry (Oorschot and Smith, 2019). Internet of Things (IoT) has been identified as an innovative technology that builds on firms and improves their operations to support their continued existence. IoT is a technological concept tailored to connect devices and systems of different types over the Internet (Andersson et al., 2018). It is a growing network of objects which use the Internet to allow communication between themselves and other Internet-enabled devices. In this decade, the popularity of IoT has significantly increased because of its advantages in business operations, such as communication (Karale, 2021). The technology in the IoT is based on the hyperconnectivity of devices and systems that enables individuals and business organizations to communicate remotely.

The IoT is not an old idea; instead, it began about two decades ago when Kevin Ashton first used it. Ashton came up with the concept to promote the Radio Frequency Identification (RFID) concept that includes embedded actuators and sensors (Olushola, 2019). Though, this was an attempt to implement the original idea that had been introduced as early as the 1960s, during which it was referred to as embedded or pervasive computing (Karale, 2021). Also, Carnegie Mellon University students touched on the idea of IoTs in the early 1980s using a soft drink vending machine. In 1990, technologists including Simon Hackett and John Romkey connected a toaster to the Internet. The re-introduction by Ashton was purposely to improve supply chain activities but later diversified in its functionalities before gaining strong popularity almost a decade ago (Olushola, 2019). Currently, the world has over 27 billion IoT devices with the mass explosion in 2011 when wearable devices, home automation, and smart energy meters were introduced (Chowdhury and Raut, 2019). The IoT global explosion has since benefited multiple organizations and used in various ways such as transportation, communication, development of business, and education. Businesses have been able to improve on market research and strategies to improve operations. Individuals have equally enhanced their lifestyles considering the introduction of automated services. One area of business that has significantly benefited from IoT is manufacturing (Oorschot and Smith, 2019). Therefore, there is need to examine the adoption of IoT in the context of manufacturing sector.

The manufacturing sector has immensely and significantly embraced the use of IoT, considering its importance to society and economic growth. The manufacturing sector has been ranked as one of the fastest-growing in Saudi Arabia, putting the country on top of the world with an average annual growth of 7.5% (Karale, 2021). Its contribution towards the nation’s GDP is about 10%. Therefore, considering the important role of the manufacturing sector, new drivers are critical in boosting the sector to regain its leading position. The new strategies have involved advancing information technologies (Its) that have seen the sector adopt the use of IoT (Olushola, 2019). The IoTs support all the major shifting manufacturing operations, which include the widespread adoption of industrial robots and the computer numerical control that has allowed manufacturing systems to become flexible (Oorschot and Smith, 2019). More IoT applications such as computer-aided manufacturing, computer-aided design technologies, and computer-aided processing planning have all made it practically possible for computers to integrate manufacturing activities. Similarly, through IoTs, manufacturing has integrated resources to make modern products that help the fulfillment of the required functions (Chowdhury and Raut, 2019). The integration of these manufacturing resources facilitates balancing between the capabilities and flexibilities of the system. Therefore, like many other sectors that have embraced IoTs, their use in manufacturing is substantial to impact on the outcome of the sector and especially its contribution to the economic growth.

Statement Problem

The application of IoT in manufacturing involves numerous decision-making activities requiring high computing capability and intensive information. Manufacturing processes require multiple computing resource servers, including decision-making units and databases. Many efforts put in place in manufacturing need reliable and real-time data on resources, processes, and products (Andersson et al., 2018). Information is needed concerning competition forces that aid in minimizing activities without value, including repair and buffering. Due to competitiveness, data is required to organize manufacturing activities that help avoid excessive inventory and ensure the production line is monitored to limit machines breakdown (Karale, 2021). Therefore, the application of IoT in manufacturing systems requires enough real-time data about everything for making the right decisions at different levels and domains. The data available is used collected and transmitted publicly or privately hence the need for integrity, confidentiality, and authentication as key security and privacy aspects.

However, with the increased manufacturing activities, the explosion of using IoT in this sector has increased the concern of security and privacy of data. This is because the excessive adoptions of smart devices have allowed sharing of data and integration of various activities and resources without putting sufficient systems for protection in place (Karale, 2021). Most cybersecurity risks have been attributed to the unconscious use of devices, lack of updating devices, and general reluctance to change passwords. Malicious applications have also been used in accessing private and sensitive data by the IoT system. The culmination of the inappropriate practices can increase the probability of security breach primarily because of the lack of elaborate security policies and protocols in the IoT (Oorschot and Smith, 2019). The increase in the use of devices and systems that IoT has enabled always surpasses the risk of cybersecurity threats. Increased use of intelligent devices integrated to enable data sharing increases the concern of breach of security and privacy of data. Besides, technological advancement such as using the 5G network, which influences IoT applications, can increase cybersecurity threats.

As security and privacy issues continued to affect the IoTs adoption in manufacturing, several security mechanisms were developed. These mechanisms were purposed to protect IoT devices used in manufacturing from attacks (Andersson et al., 2018). However, despite the formulation and existence of these privacy and security measures, there is a lack of appropriate documentation of security guidelines. The situation makes it difficult for end-users to utilize these protective measures even if they want to avert data attacks. At the same time, since 2008, hackers have continued to develop different malware kinds to weaken the IoTs components used in various sectors, including manufacturing (Chowdhury and Raut. 2019). Individuals or employees in this section can easily be provoked by the many phishing techniques so that they can share sensitive or private information with unauthorized groups (Karale, 2021). Therefore, this study investigates the adoption of IoTs among the manufacturing companies, the occurrences of security and privacy concerns/issues, and how these issues influence the firms’ willingness to adopt the Internet of Things in their operations.

Research Aim, Questions, and Objectives

Research Aim

The study explores the security and privacy concerns that affect manufacturing companies’ effective adoption of the IoT. Companies in the contemporary world have been at the forefront in embracing new technological developments that will increase their production. IoTs use involved reliable data in understanding the competitiveness and increasing the most valuable to attract a high market and limit unnecessarily (Olushola, 2019). In manufacturing controlling defective parts of the products or components help reduce the cost used while improving the product quality (Andersson et al. 2018). The incorporation of new technology can increase production levels due to improved efficiency and reduction in the cost of operations. However, cybersecurity has been a critical issue that has hindered manufacturers from adopting technology, including IoTs, in their model. The ability to keep information from unauthorized groups, including the competitors or third parties that would distort such data, has also become critical for adopting this technology. This study investigates issues of security and privacy that tend to hinder the effective adoption of the IoTs by companies in manufacturing.

Research Questions

Security and privacy issues have been critical in technological advancement in many sectors as stakeholders strive to understand the trends and make relevant mechanisms to limit the occurrence and impact. Manufacturing is one of the critical development areas that need serious consideration and focus on optimal production. This requires doing insightful searches to develop the most relevant measure. Therefore, the current study answers the following research questions:

• What is the prevalence of security and privacy breaches for adopting and using IoTs among the manufacturing companies in Saudi Arabia?
• To what extent do the issues concerning the security and privacy of IoTs influence the willingness of the manufacturing companies in Saudi Arabia to adopt and apply IoTs in their operations?
• What are the most suitable protective mechanisms/measures employed by the Saudi Arabian manufacturing companies to enhance the privacy and security of adopting IoTs?

Research Objectives

In any study, the researchers often seek concisely to identify what their research is trying to achieve through the project to give direction to the investigative process. The current study was concerned about adopting IoTs specifically in manufacturing companies, the arising security and privacy issues, and significant ways to address these issues. Therefore, this led to defining the following objectives of the research process:

• To establish the prevalence of security and privacy breaches for adoption and use of IoTs among the manufacturing companies in Saudi Arabia;
• To find out the extent to which the issues concerning security and privacy of IoTs influence the willingness of the manufacturing companies in Saudi Arabia to adopt and the apply IoTs in their operations;
• To determine the most suitable protective mechanisms/measures employed by the Saudi Arabian manufacturing companies to enhance the privacy and security of adopting IoT.

Research Contributions

Many surveys among the industry leaders, including manufacturing, have raised concerns about significant barriers to the adoption of IoT in their operation. Experts have cited end-to-end IoT security, artificial intelligence, surpassing edge compute, and machine learning as some of the concerns affecting technological processes. Considering the many revelations of the issues of security of data in IoTs, this study is a key contributor in improving the product in the manufacturing industry. The findings of the study help key stakeholders in the manufacturing sector in Saudi Arabia and across the globe understand the most vulnerable areas of operations that become the significant cybersecurity targets and loss of data.

Similarly, considering that experts have already developed mechanisms in ensuring the security and privacy of data in IoTs adoption, such as physical checks for the security of devices, update policies for regular software and firmware, and end-to-end encryption. However, security concerns continue to arise, requiring further measures. The current study facilitates stakeholders to develop the most relevant measures regarding the specific areas of security threats in the IoT application. This will be essential in minimizing the technological resistance by project or business owners.

Outline of Research Methods

The dissertation adopted positivist philosophy by focusing on IoTs and the emerging security and privacy issues, eying on the manufacturing companies and the technological experts. The adoption of positivist philosophy gives rise to a more relevant and suitable research methodology that is all-inclusive. Therefore, the design of the study adopted is the survey design that is descriptive in nature. The survey is significant in studies requiring primary data collection, considering that both the researcher and the respondents have convenient time and resources to participate in the research process. Descriptive research design has proved more accurate and systematic in defining the facets involved in a phenomenon, and the research can use this research method to investigate more variables.

The research involved the use of primary data collected through the administration of questionnaires to the respondents in the manufacturing companies in the country of study. A mixed-method was considered in this study to determine factors that contributed to the security and privacy concern in IoTs adoption in manufacturing companies. Thus, both qualitative and quantitative data were collected to give inferential and descriptive statistics about the study elements.

The qualitative data were analyzed using the grounded theory methodology to create inferential statistics about reasons for the adoption process. The analysis approach was chosen because it was the most appropriate for the analysis of the qualitative data in line with the objectives of the thesis. It focused on creating an understanding of the qualitative data, which could quickly answer the research questions and effectively meet the objectives and aim of the study.

Foreseeable Limitations

Various limitations were foreseeable in the study methodology include a possibly small sample size. The sample size used in the survey reflects on the top leadership of the manufacturing companies, especially those within the technological departments. Similarly, considering the nature of the study requiring primary data collection, the resources needed, including finance and even time, may not be sufficient hence the need for a smaller sample. The matter under research is sensitive since it involves information on privacy and security matters. Some of the respondents may be mean to provide information or deny the researcher from accessing actual companies’ data.

Structure of the Dissertation

The paper is structured into five chapters, including the introduction, literature review, research methodology, analysis of the collected data, and discussion, conclusion, and recommendations. The introduction provides background information for the paper and puts the text in a contextual framework. Background involves the definition of IoTs, their applications, benefits, and their role in the manufacturing sector. The literature review chapter examines various research components related to the topic of studies, such as the IoTs technologies, security and privacy challenges, applications of IoT, and the solution mechanisms to address the problems identified.

The methodology section identifies the design used in conducting the research, methods used in data collection, the sample and settings, procedures followed, and the suitable analysis selected. The findings and analysis of the data section covers the obtained results, synthesizes them for easier interpretation, and presents the final outcomes in tables and graphs. The discussion, conclusion, and recommendations are the final section that provides an in-depth analysis of the main points and links the research questions with objectives to ensure that the thesis addresses all the issues examined under investigation.

Chapter Two: Literature Review

Introduction

The relevant literature review is essential in any research process because it facilitates identifying key themes of the study and avoids replication and discovering inconsistencies. The review of the literature in this chapter provides the various aspects related to the research topic. The themes emerging from the review presented the concept of IoTs and their adoption in organizations, security and privacy issues, and the possible solutions to these challenges. Various sources are considered in the reviewed literature, including peer-reviewed journals, books, and other relevant sources, including research-oriented websites. The topics of discussion are synthesized and presented as subsections in this chapter.

IoTs as a Concept

Despite the IoTs being a relatively older concept, many definitions and interpretations exist today regarding it. It reflects on the paradigm shift in the area of information technology. The definition depends on the type of research conducted in reference to researchers in the general public who express a significant level of interest vagueness in the field or the specialist researchers. According to Wong (2018), the description of IoT refers to a network of items that are embedded with sensors and connected to the Internet. The author further presents the expert definition by the Internet Engineering Task Force (IETF) that encompasses the IoT vision in relation to things such as sensors, computers, mobile phones, vehicles, refrigerators, and televisions.

IoT relates to and emanates from different technologies, visions, and directions of research. Olushola (2019) finds an increasing overlap and merging of research questions and principles in areas of IoT, computing both mobile and pervasive, cyber-physical systems, and wireless sensor networks. Madakam et al. (2015) described IoT as a ubiquitous global computing network that allows everything and everyone to be connected to the Internet. The IoT as an approach converges data collected from various things to a virtual platform on existing internet infrastructure. Thus, it represents a true definition of a world that allowed the connection and communication of anything in a fashion considered intelligent than before.

Researchers have established a close relationship between machine-to-machine (M2M) and IoT devices. According to Hsu and Yeh (2017), the use of M2M is common following the discussion around the industrial IoT, which has contributed to the development of the Fourth Industrial Revolution. Part of this revolution includes the development of the connected car agenda into the Internet of vehicles and other more obscure developments. Affia et al. (2019) examined IoT as a system that involves machines and humans while bringing context, services, and intelligence together in process and data functions. Hsu and Lin (2018) argued that IoT involves the convergence of wireless internet-oriented, things-oriented, and semantic-oriented. Therefore, the evolution has involved the use of a wide range of core technologies through developments made in different areas of application. However, any consideration of its evolution clearly shows the ability of IoT to bring key areas together, which has complicated its definition and distinguishing. The complications exhibited in defining and distinguishing of IoTs pose challenges related to security and privacy.

Application of the IoT in the Manufacturing Sector

Many domains have significantly been impacted by IoT, with researchers providing insights and analysis in various applications. Tripathi and Pandit (2019) argued that there are different classifications of IoT applications presented by both academia and industry. Tripathi and Pandit’s (2019) study identified a list of more than 61 applications, while Chowdhury and Raut (2019) classified IoT applications into four short-medium categories: plan, healthcare, transportation, and logistics, and smart environment. Brous et al. (2020) expected IoT to come through the Fourth Industrial Revolution advent to mark one of the biggest global impacts. In this advanced step, IoT technologies are incorporated into the manufacturing process phases. Andersson et al. (2018) argued that the development entails the shift from automated to intelligent processes of manufacturing which incorporate automated robotics, cloud computing, big data analytics, and cyber-physical systems.

The entire lifecycle of development involved employing IoT through the smart connected machines introduction. The connection allows proactive maintenance, flexible, rapid, and lean manufacturing, and enables a smarter manufacturing process that is delivered through intelligent logistics (Karale 2021, 422). The maximization of plants’ energy is achieved by optimizing innovative planning and decision-making methods combined with smart grid technology.

Various reasons have been cited for the continued leading role of IoT in the manufacturing sector. Hsu and Yeh (2017) argued that IoT has the potential of causing another industrial revolution, commonly known as Industry 4.0, with applications providing more returns to the industry. At the same time, manufacturers are able to adopt digital transformations through visibility, automation, and the centricity of the customer. Stoyanova et al. (2020) identified standard quality control processes among manufacturers as a significant factor of IoT application. The proactivity of the manufacturing quality process is enabled with video and thermal sensors that collect complete product data that undergoes different product cycle stages.

Manufacturers use IoT to make the management of inventory an efficient and seamless process. This situation involves the transformation of data acquired to become useful insights into the business. Tawalbeh et al. (2020) argued for predictive maintenance in manufacturing where IoT replaces a time-based approach initially employed by manufacturers. This follows the many ineffective maintenance routines experienced by manufacturers after employing a time-based approach through their planning for Maintainance schedules of their equipment and machinery. Thilakarathne (2020) found IoT critical in leveraging data science for more accurate and efficient predictive maintenance as it facilitates monitoring of the operating environment and analytical performance. This process involves the use of related data in the cloud for the evaluation of tears and wear. Similarly, manufacturing has prioritized safety operations that require the input of IoT for full achievement.

Security Challenges in the IoTs

Several studies have addressed the security and privacy concern in using the Internet of Things in contemporary business models. According to Aqeel-ur-Rehman et al. (2016), the Internet of Things has been critical in migrating from the Internet of computers to the new technology that enables remote communication between systems and devices. Aqeel-ur-Rehman et al. (2016) argue that with the expansion of IoT and becoming more interwoven in people’s everyday lives, it has become vital to secure its systems. Security concern has been highlighted as one of the top reasons why businesses and individuals fail to embrace IoT.

Wilkowska and Ziefle (2012) found the Internet chaotic, and the introduction of IoT only increased the potential of having havoc. Companies involved in designing the applications face multiple challenges because of the isolated nature of most industrial devices. Senarathna et al. (2016) argued that software security is critical and needs to be considered carefully before any company adopts IoT, following the possibility of an actual device being hacked. The significant danger follows the potential that the virus can affect the software, putting the industrial equipment at risk.

System security is based on various principles, including the confidentiality, integrity, and availability (CIA) of information security, the five pillars of information assurance, and the Parkerian Hexad. Security considerations research on the IoT and cyber-physical systems has not defined the definite principle to adopt. The study conducted by Andersson et al. (2018) indicated that most Internet of Things users in business organizations lack user knowledge and awareness about the possibility of threats in its application. According to (Andersson et al., 2018), the most considerable risk in adopting the Internet of Things is employees’ ignorance of business organizations who use the traditional model to insulate model challenges.

Research by Tawalbeh et al. (2020) indicated that the security risk in the Internet of Things could be attributed to device update management where devices at workplaces are not updated at the right time, increasing their vulnerability. Most business organizations are ignorant in updating the devices used in the Internet of Things despite being aware of the risk. The study further indicated that there are risks associated with updating devices connected by the Internet of Things, especially when connections are not encrypted, making files vulnerable for hackers to access private information. Aqeel-ur-Rehman et al. (2016) study implied that the adoption of the Internet of Things is hindered by significant security issues, making business organizations reluctant to use the inevitable technology.

The cyber-physical systems in industry 4.0 face a significant number of threats that have been recorded over the years. Yang et al. (2017) cited loss of communication as a key among the security challenges that face industry 4.0. Sometimes manufacturers face attacks on information confidentiality, including intellectual data leakage leading to the loss of competitive advantage in the market. Borgohain et al. (2015) argued that competitors tend to be equipped with the capacity to undermine manufactured innovations in such situations.

Security issues of IoT occur at each of its layers when adopted and utilized in an organization subjecting it to vulnerabilities. The study by Assiri and Almagwashi (2018) revealed the security lapse at the perception layer of IoT where the nodes are placed outdoors, and the environment in which they exist exposes them to physical attacks and natural accidents. The vulnerable conditions in which nodes exist subject them to easy attacks, especially from the physical dimension; in any case, an attacker accesses it to temper with the device element. Bi et al. (2014) added that the dynamic nature of IoT allows them to move in multiple applications exposing them more to risks of being attacked. The perception layer of IoT faces various security problems, including the leakage of information and cloning and replay attacks because of the sensors and wireless sensor networks within this layer. Assiri and Almagwashi (2018, 2) also observed that IoT nodes have low storage capacity possessing the limited capability to compute, subjecting them to vulnerability hence can easily be targeted by various attacks. Attacker nodes can generate malicious data threatening the integrity of data and increasing the attack.

A significant layer that subjects IoT to security vulnerability is the network layer, often a target for multiple data attacks. Brous et al. (2020) identified some attack targets as destruction, illegal access, viruses attack, and man-in-the-middle. The occurrence of attacks in this layer is possible since attackers utilize eavesdropping and traffic to interfere with the confidentiality and privacy of the network. According to Assiri and Almagwashi (2018), these attacks are more likely to occur following the IoT remote access mechanisms and data exchange. More security issues are introduced due to the communication with the IoT environment, considering that the networking is between machines involved in the exchange of sensitive information. Tawalbeh et al. (2020) claimed that the vulnerability occurs because the communication between machines does not adhere to standard security protocols despite the shared information sensitivity. It allows networks attackers to get information on the users from the IoT devices they use and use the same information to conduct criminal activities.

The final phase that creates the vulnerability of the IoT to security threats is the application layer. Thilakarathne (2020, 27) identified multiple security issues related to the application layer, including but not limited to lacking standards to manage the process of interaction and applications development. Some of the applications need different authentication mechanisms that becomes difficult to confirm authentication. Attackers most target the application layer because it is involved in the management of traffic as its responsibility. The layer also involves many connected devices and generated data, limiting services availability because of the created applications overhead for data analysis.

Security concerns have been recorded in the industrial control systems utilizing the use of IoT due to occurrences of failures. Sadeghi et al. (2015) observed that the integration of information technology required increasing protection against cyberattacks, especially in the industrial sector, considering the vulnerability of the IoT systems to multiple cyberattacks. In 2003, the Slammer worm attack was successfully launched against the US’s industrial control systems infecting critical monitoring systems (Hwang 2015). The country’s major transportation network suffered a computer virus infection, which affected the signal and dispatched control system, leading to the complete stopping of trains carrying passengers and trains.

The vulnerabilities in industrial systems have subjected businesses, including manufacturers, to security threats that strain their IoT providers, including devices and services. Alrawais et al. (2017) found close to 50% of critical infrastructure operations using outdated Microsoft software, with more than 40% of the industrial sites utilizing public Internet. The machine’s infiltration is put at the risk of being proliferated to allow sophisticated hackers to gain access to the factory in its entirety. The access tends to damage or disrupt capable production for an extended period and cause physically dangerous conditions which result in the intrusion. Brous et al. (2020) identified a lack of standards and protocols in the industry in addition to astronomic growth that seems to be hampering coherent security progress. Smart manufacturing tends to exhibit vulnerable components with devices connected that pose vulnerability globally to the systems. Insecure protocols, human factors, and unused functionalities have been fronted as avenues for security lapse in manufacturing.

Privacy Challenges in the IoTs

Privacy determines the usefulness of the IoT, which requires that people’s choices are respected and preserved. Hwang (2015) defined privacy in IoT as the entity’s right that allows it to act on its own behalf to determine the level of interaction with the environment and the willingness to share information. The protection of sensitive information in IoT is considered a critical issue. As a result, the area of privacy of information in IoT, including location, data, and usage, has continued to attract research attention (Assiri and Almagwashi 2018). IoT devices that are constrained regarding resources have no ability to decrypt or encrypt generated data making them vulnerable to an adversary.

The issue of privacy has raised concern among organizations and businesses intending to utilize IoT. Many have raised questions about the increasing cases of privacy breaches with the continued adoption of technology. Shin (2010) claimed that IoT devices can harvest big amounts of data with dangerous security breaches. The increasing number of privacy legislation indicates that these issues threaten the adoption of IoT and raise the alarm of the need to develop measures that could limit this issue. Oorschot and Smith (2019) described privacy as a significant concern in the adoption of IoT, considering the large quantity of data made available with this technology. The data available is critical in operations and production as it is sensitive and used as raw material to set the business running. The adoption of IoT can be affected by concerns about privacy issues and those related to potential harms. Thilakarathne (2020) argued that respect for the users’ privacy rights is essential in ensuring confidence and self-assurance for the process of adopting IoT. Trust has also been identified as a fundamental element in the process of adopting the new technology and determines the extent to which people use new technology, including the IoT considering the complex systems involved.

According to Tawalbeh et al. (2020), data management has a potential security risk of privacy because of the increased number of devices, making identification and addressing a problem. In reliance on the Thilakarathne (2020, 28) study, as the number of devices increases, data management will be a critical concern that will prove difficult to management, thereby offering a loophole for hackers to access unauthorized data. According to Tawalbeh et al. (2020), the privacy and security concern in using the Internet of Things has a close association with the level of awareness by the user in mechanism to enforce security mechanisms. Oorschot and Smith’s (2019) study, the inefficiency in device update and unavailability of security protocols that are effective and robust contribute adversely to the security of devices using the Internet of Things. Stoyanova et al. (2020) study made the association of the management of an organization in developing a mechanism to solve IoT challenges. According to Karale (2021), the challenges of IoT are inevitable due to the increase in the independence of devices.

Significant academic sources have debated in length about the concept of privacy as it is used in information technology. Mark Zuckerberg, the Facebook founder, announced that it is no longer true that privacy is a social norm. According to Maple (2017), more than 86% of internet users have considered hiding their digital footprints by cleaning cookies, email encryption, and hiding internet protocol addresses using virtual networks. The trust in distributed systems is assured when users are given more control over the collection and use of information belonging to them. Sadeghi et al. (2015) found the Platform for Privacy Preferences Project (P3P) as effective in providing the users with control when they use the Internet. In IoT, sensitive information is targeted following unauthorized access to the hardware or software devices. The breach of privacy also occurs during communication, when important information is still in storage, and during the process of such information.

Research into privacy concerns in the adoption of IoT has led to multiple issues identified and investigated. Alrawais et al. (2017) discussed the collection, use, and disclosure of IoT data considering that collected data often comes from sensors. It is possible that additional information is created through analysis techniques and machine learning inferences because obtained data is detailed and precise. Thilakarathne (2020) argued that there is a need to take significant care, especially regarding the purpose for which data is used. This is because most of the smart devices used can easily sensitive information kept about individuals.

The IoT data de-identification is another critical issue that Assiri and Almagwashi (2018) identify as it intends to make the datasets publicly available. However, datasets may contain information that is not permissible to be shared with the public. De-identification is considered important since it allows such sensitive information, including personal data, to be removed from the data set. Brous et al. (2020) found a lot of risk in sharing non-personal data as well because unauthorized parties can access it. Significant issues have been raised about the consent of making data available to the public. Alrawais et al. (2017) supported this argument that data leaks have a severe effect on the privacy of individuals and the organizations against which data is protected because financial information is revealed to the competitors or third parties. This requires that unauthorized access and misuse of sensitive information is prevented by only allowing necessary and allowed accesses.

The idea of big data management has been studied broadly in technological research. Yang et al. (2017) argued that users get the data they need through big data since they can uncover what is considered previously unforeseen insights. Even though Big Data improves data quality, interpretation of such data may be more difficult because of the velocity and veracity. Thus, the permission to access and use publicly published data poses the risk of interfering with sensitive information to the organization. However, it is costly to deal with these risks if the need to protect data arises.

Chapter Three: Methodology

Introduction

This chapter presents a rigorously designed methodology that draws far-reaching and accurate conclusions to help achieve the research objectives. The research methodology facilitates data extraction, production, and analysis. According to Saunders et al. (2003), researchers in any study need to define a research design to tackle various investigation process phases. The research framework also outlines the philosophy used to make key assumptions in the research distinguishing the inductive and deductive approaches. Thus, this chapter presents the research philosophy, design, sample, and sampling techniques involved in the study, the researcher’s instrument to collect data, and the proposed analysis technique. Ethical considerations, Limitations, and reliability and validity are presented in this section of the research process.

Research Philosophy

In research, fundamental research philosophy helps in designing research and facilitates the choice of appropriate methodologies to be used in the study. Saunders et al. (2015) related research philosophy to a system of assumptions and beliefs on the development of knowledge. Saunders et al. (2015) identified different major philosophies in the management of organizations, including positivism, critical realism, interpretivism, pragmatism, and postmodernism. Positivism defines what is significant in the provided information or phenomenon. Its emphasis is on the observable social reality to facilitate the creation of law-like generalizations while assuring accurate knowledge provision.

Positivism recommends the employment of empirical methods that are purely scientific in data and facts production without being influenced by human interpretation. The focus of positivism is how to discover measurable or observable regularities and facts to help the research come up with credible and meaningful data. Therefore, the current study adopted a positivist philosophy in designing the process required to conclude the research. Though, Saunders et al. (2015) alerted the criticism of interpretivism against positivism by emphasizing the difference between humans and physical phenomena regarding creating meanings used in interpretivism.

Research Design

The study used mixed methods to determine factors that contributed to the security and privacy concern in adopting the Internet of Things in manufacturing companies. The qualitative data were analyzed using the grounded theory methodology to create inferential statistics about reasons for the adoption process. The analysis approach was chosen because it was the most appropriate for the analysis of the qualitative data in line with the objectives of the thesis. It focused on creating an understanding of the qualitative data, which could quickly answer the research questions and effectively meet the objectives and aim of the study. The top management staff from the manufacturing companies was the primary respondents. The primary qualitative data were coded to help in a better understanding of the trend developed after analysis.

The design of the study adopted is the survey design that is descriptive in nature. The survey is significant in studies requiring primary data collection, considering that both the researcher and the respondents have convenient time and resources to participate in the research process. Descriptive research design has proved more accurate and systematic in defining the facets involved in a phenomenon, and the research can use this research method to investigate more variables. Central tendency analysis was used to offer descriptive statistics about outcomes for the quantitive data in the study. The distribution of cases of companies opting-out from the adoption of the Internet of Things was developed using measures of central tendency.

Target Population

The study targeted manufacturing companies in Riyadh, Saudi Arabia. A new report by Kaspersky revealed the growth of the use of IoT business platforms yearly in all industries. The 2019 report showed that more than 81% of companies in Saudi Arabia have adopted and implanted IoT applications. Businesses in Saudi Arabia are benefiting with increased efficiency for production, new incomes streams, and savings. However, investigations have also revealed that 60% of the organizations using IoT experience incidents of cybersecurity that target connected devices. This means that there is a need to protect the IoT implementation process from limiting security issues carefully.

Despite the potential risks and incidents of cybersecurity, there has been continued growth of IoT in Saudi Arabia, with a large number of companies indicating that they have experienced cybersecurity and privacy issues. Based on these reports, this study considers investigating Saudi Arabian manufacturing companies to establish the extent to which they have implemented IoT and issues of security and privacy arising from these applications.

The targeted population includes different professionals working in manufacturing companies. They involve top managers of companies and departmental heads dealing with information technology, finance, and engineering, among others. These professionals have a direct link with the operations around the use of IoT in their companies. Therefore, they have information on the issues arising from applying IoT, including security and privacy. The eligibility for the respondent to be included in the study was based on the type of technology adopted in the company. All the respondents were to consent to offer information about their company. However, considering that most of the people involved were senior members of the company, it was easier to have them involved in the study.

Sampling Technique and Sample Size

After identifying the population and the participant setting, selecting the right sample to be used in the research was critical. Mugo (2002) defined a sample as a group of people that is part of the larger population used for measurement. A sample represents the population, ensuring that the findings are generalized to represent the entire group under study. The sampling technique is critical in selecting the right sample for the study. For the current study, the sampling used is a purposive sample which is a non-probability sampling technique. The research in this technique relies on making own judgment when choosing participants from a population in the study. The researcher believes that a representative sample can be obtained when sound judgment is used.

Purposive sampling is conveniently such that it saves in time and money that could have been used in selecting the participants. The goal here is to focus on some particular characteristics that are of interest in the study. The choice for this sampling technique was suitable such that it helped the researcher identify people within the manufacturing companies in Saudi Arabia that deal with technology and have information on the operations around the adoption of IoT in the organization. This led to choosing top managers of companies and departmental heads in the information technology, finance, and engineering areas.

The use of this sampling technique resulted in a sample size of 50 respondents from the manufacturing companies in Riyadh, Saudi Arabia. The selected sample was subjected to the survey through the administration of the questionnaire to help extract relevant data to be analyzed and presented to make an informed conclusion. The eligibility for all the respondents was based on the type of technology adopted in the company. All the respondents will have consented to offer information about their company. The information collected about the companies will be treated as confidential. An assurance was made to the respondents that the information collected would exclusively be used for the study purpose alone.

Data Sources

The data sources employed in this study are both primary and secondary sources considering that security and privacy issues are critical in successfully adopting technology in the business environment. Primary sources of data provide information that is raw and first-hand evidence, including the use of interviews, surveys, and transcripts, among others. The primary source, in this case, involves the survey that utilized the questionnaire with relevant questions in relation to the research topic. The type of information is directly obtained from primary sources and is often not subjected to any manipulation or processing. Information from the leadership of the manufacturing companies involved in the study was considered primary data.

Secondary data sources contain information that has data already collected by someone else and preserved in books, government publications, and journals, among other sources. Secondary information was critical in comparing the newly collected data with what is already documented in IoT privacy and security issues. However, the reliability of the primary data sources through survey was higher in this study, considering that information was obtained from senior managers in the manufacturing companies in Saudi Arabia. The recent new Kaspersky report shows that 81% of the companies in Riyadh have adopted and implemented IoT use, and only organizations with the technology were considered. Thus, the provided information was based on evidence as it involved those who are affected by the technological application. The validity of data collected was enhanced through comparison with the documented findings to establish consistency.

Data Collection Procedure

The data collection was a significant part of this study, considering that it involved the actual collection of data used. The questionnaire was the instrument used in collecting data. It contained a set of written questions with answer choices for the respondents to pick on the most relevant and applicable responses. A questionnaire containing 15 items was used to collect first-hand data from the company’s top officials. These items were based on three sections; the first section required demographic information about individuals participating in the study, such as age, gender, profession, organization size, and education. The second section sought information about the IoT in the participating companies; the third section interrogated the security issues in the companies, while the fourth section was concerned about the privacy issues faced by the companies.

The questionnaires had five multi-choice questions that measured the quantitative data, while the rest were open-ended for qualitative data. The open-ended questions helped the study gather more details about the extent of security and privacy concerns of companies using the Internet of Things. These questionnaires were administered to all the 50 sample sizes of managers in manufacturing companies in Riyadh in Saudi Arabia. The administration of these questionnaires was online either by email or social media services such as WhatsApp. After questionnaires were administered, the respondents were given about a week to re-send the filled questionnaires. The process began by seeking consent from the participants and informing them that participation was voluntary and that information received would only be used for the current study purpose.

Measures

Qualitative and quantitative data were collected to give inferential and descriptive statistics about the elements of the study. Over the past year, the number of security breach cases was treated as the dependent variable influenced by the Internet of Things management factors. The mechanism of privacy enforcement, level of security, security threat awareness, and effectiveness of traditional industrial devices were treated as management factors. The management factors acted as the independent variables that influenced a security breach in the manufacturing companies.

Data Analysis

The mixed study design enabled the analysis of qualitative and quantitative data in the study. A descriptive statistic measure generated the description pattern of the statistic in the study, while the central tendency demonstrated the description of quantitative data. The central tendency measure offered a pictorial representation of the data, which enabled the drawing of descriptive relation between the variables in the study. A coefficient correlation analysis was run to generate the association between cases of security breach and management factors. The number of security breach cases is dependent on the management factors; therefore, a correlation coefficient would determine the extent to which the independent variable influenced the dependent variable. The correlation coefficient (ρ) was used to indicate the linear relationship between dependent and independent variables. A correlation coefficient with a statistic greater than zero (ρ>0) indicated a positive relationship. Positive correlation signified that the management factors had a significant effect on the decline of manufacturing companies to adopt the IoT. Contrarily, the correlation coefficient with a statistic value less than zero (ρ<0) indicated a negative relationship between the variables. The negative correlation would indicate that management factors did not significantly influence the companies’ decision to adopt the IoT.

Limitations

The study faced several limitations that had a significant effect on the study process. Firstly, the sample size used was small and may not have included all the elements of the entire population in the field of the study. However, the sample size offered data that was reliable to give reliable inference about the population. Secondly, the resource needed in the study was insufficient, which contributed to using a small sample size that would be manageable with the available resources. Thirdly, despite the availability of studies adopting the IoT by a business organization, minimum research had the exact analysis of the manufacturing industry. The limitation of prior research had significant challenges in developing the course of the research study.

References List

Affia, I., Yani, L.P.E. and Aamer, A.M., (2019). Factors affecting IoT adoption in food supply chain management. In 9th International Conference on Operations and Supply Chain Management (pp. 19-24). https://www.researchgate.net/profile/Ammar-Aamer-2/publication/338035901

Alrawais, A., Alhothaily, A., Hu, C. and Cheng, X., (2017). Fog computing for the Internet of things: Security and privacy issues. IEEE Internet Computing, 21(2), pp.34-42. https://www.researchgate.net/profile/Chunqiang_Hu/publication/314162879

Andersson, K., You, I. and Palmieri, F. (2018). Security and Privacy for Smart, Connected, and Mobile IoT Devices and Platforms. Security and Communication Networks, 2018, pp.1–2. https://www.hindawi.com/journals/scn/2018/5346596/

Aqeel-ur-Rehman, S.U.R., Khan, I.U., Moiz, M. and Hasan, S., (2016). Security and privacy issues in IoT. International Journal of Communication Networks and Information Security (IJCNIS), 8(3), pp.147-157. https://www.researchgate.net/profile/Malaika-Moiz-2/publication/313574376

Assiri, A. and Almagwashi, H., (2018, April). IoT security and privacy issues. In 2018 1st International Conference on Computer Applications & Information Security (ICCAIS) (pp. 1-5). IEEE. https://www.researchgate.net/profile/Abeer-Assiri/publication/327195015

Bi, Z., Da Xu, L. and Wang, C., (2014). Internet of things for enterprise systems of modern manufacturing. IEEE Transactions on industrial informatics, 10(2), pp.1537-1546. https://www.researchgate.net/profile/Chengen-Wang/publication/262056560

Borgohain, T., Kumar, U. and Sanyal, S., (2015). Survey of security and privacy issues of Internet of things. arXiv preprint arXiv:1501.02211. https://arxiv.org/pdf/1501.02211

Brous, P., Janssen, M. and Herder, P., (2020). The dual effects of the Internet of Things (IoT): A systematic review of the benefits and risks of IoT adoption by organizations. International Journal of Information Management, 51, p.101952. https://www.sciencedirect.com/science/article/pii/S0268401218309022

Brous, P., Janssen, M. and Herder, P., (2020). The dual effects of the Internet of Things (IoT): A systematic review of the benefits and risks of IoT adoption by organizations. International Journal of Information Management, 51, p.101952. https://www.sciencedirect.com/science/article/pii/S0268401218309022

Chowdhury, A. and A Raut, S., (2019). Benefits, Challenges, and Opportunities in Adoption of Industrial IoT. International Journal of Computational Intelligence & IoT, 2(4). https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3361586

Hsu, C.L. and Lin, J.C.C., (2018). Exploring factors affecting the adoption of Internet of things services. Journal of Computer information systems, 58(1), pp.49-57. https://www.tandfonline.com/doi/abs/10.1080/08874417.2016.1186524

Hsu, C.W. and Yeh, C.C., (2017). Understanding the factors affecting the adoption of the Internet of Things. Technology Analysis & Strategic Management, 29(9), pp.1089-1102. https://www.tandfonline.com/doi/abs/10.1080/09537325.2016.1269160

Hwang, Y.H., (2015, April). Iot security & privacy: threats and challenges. In Proceedings of the 1st ACM workshop on IoT privacy, trust, and security (pp. 1-1). https://dl.acm.org/doi/abs/10.1145/2732209.2732216

Karale, A. (2021). The Challenges of IoT addressing Security, Ethics, Privacy 333.and Laws. Internet of Things, p.100420. https://www.sciencedirect.com/science/article/pii/S2542660521000640

Maple, C., (2017). Security and privacy in the Internet of things. Journal of Cyber Policy, 2(2), pp.155-184. https://www.tandfonline.com/doi/pdf/10.1080/23738871.2017.1366536

Olushola, O.B., (2019). Factors affecting IoT adoption. Journal of Computer Engineering, 21(6), pp.19-24. https://www.researchgate.net/profile/Bayo-Olushola-Omoyiola/publication/337657446_Factors_affecting_IoT_adoption/links/5e4e5796458515072dabbdec/Factors-affecting-IoT-adoption.pdf

Oorschot, P.C. and Smith, S.W. (2019). The Internet of Things: Security Challenges. IEEE Security & Privacy, 17(5), pp.7–9. https://ieeexplore.ieee.org/iel7/8013/8821441/08821455.pdf

Sadeghi, A.R., Wachsmann, C. and Waidner, M., (2015, June). Security and privacy challenges in industrial Internet of things. In 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC) (pp. 1-6). IEEE. https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.1064.7985&rep=rep1&type=pdf

Stoyanova, M., Nikoloudakis, Y., Panagiotakis, S., Pallis, E. and Markakis, EK (2020). A Survey on the Internet of Things (IoT) Forensics: Challenges, Approaches and Open Issues. IEEE Communications Surveys & Tutorials, 22(2), pp.1–1. https://ieeexplore.ieee.org/iel7/9739/9102343/08950109.pdf

Tawalbeh, L., Muheidat, F., Tawalbeh, M. and Quwaider, M. (2020). IoT Privacy and Security: Challenges and Solutions. Applied Sciences, [online] 10(12), p.4102. Available at: https://www.mdpi.com/2076-3417/10/12/4102/pdf.

Tawalbeh, L.A., Muheidat, F., Tawalbeh, M. and Quwaider, M., (2020). IoT Privacy and security: Challenges and solutions. Applied Sciences, 10(12), p.4102. https://www.mdpi.com/2076-3417/10/12/4102/pdf

Thilakarathne, N. N. (2020). Security and privacy issues in iot environment. International Journal of Engineering and Management Research, 10. https://www.academia.edu/download/62112314/Security_and_Privacy_Issues_in_IoT_Environment20200216-47939-isjw4s.pdf

Tripathi, S. and Pandit, L., (2019). Analysis of factors influencing adoption of Internet of things: a system dynamics approach. Theoretical Economics Letters, 9(07), p.2606. https://www.scirp.org/html/25-1501956_95843.htm

Wong, K.Y.J., (2018). No More Taboo: Discursive tactics for navigating the taboo of cosmetic surgery. Global Media and China, 3(4), pp.271-296. https://journals.sagepub.com/doi/pdf/10.1177/2059436418816649

Yang, Y., Wu, L., Yin, G., Li, L. and Zhao, H., (2017). A survey on security and privacy issues in Internet-of-Things. IEEE Internet of Things Journal, 4(5), pp.1250-1258.