Enhancing the Security of Internet of Things Devices through Cybersecurity Framework

  • Godfrey M Macharia The Nelson Mandela African Institution of Science and Technology, Tanzania, United Republic of
  • Bonny Mgawe The Nelson Mandela African Institution of Science and Technology, Tanzania, United Republic of
  • Jaha Mvula Electronic Government Authority, Tanzania, United Republic of
  • Anael E Sam The Nelson Mandela African Institution of Science and Technology, Tanzania, United Republic of
Keywords: Cybersecurity Framework, Internet of Things, Technological Acceptance Theory, Zero Trust Theory

Abstract

This study focused on enhancing the protection of IoT devices by assessing the effectiveness of existing cybersecurity frameworks (CSFs), identifying gaps in advanced-technology cyber-attack tactics, and developing a comprehensive cybersecurity framework for IoT ecosystems. Technological Acceptance and Zero Trust Security Theories guided the study. A cross-sectional research design and a mixed-methods approach were adopted: semi-structured interviews and Focus Group Discussions provided in-depth qualitative insights, and a questionnaire was used to collect quantitative data. A total of 93 respondents from HLIs, hospitals, and broadcasting media were selected using purposive and random sampling techniques. Descriptive and inferential statistics were employed to analyze the quantitative data, and Atlas.ti 9.0 Desktop was used for the qualitative data. The findings revealed that cyber vulnerabilities are associated with the spread of imported unsecured IoT devices, user unawareness, and the lack of effective cybersecurity frameworks tailored to emerging cyber threats from advanced technologies such as AI, 5G, edge computing, and autonomous systems. In conclusion, a framework was designed to strengthen IoT device security by integrating best practices, policy implementation, and technological safeguards. The study recommends that imported IoT devices be digitally coded to detect cyber risks, that the multi-layered ECSF-IoT framework be adopted, and that end-user cybersecurity education be strengthened in developing countries such as Tanzania.

Published
2025-09-21
How to Cite
Macharia, G., Mgawe, B., Mvula, J., & Sam, A. (2025). Enhancing the Security of Internet of Things Devices through Cybersecurity Framework. Journal of Information Systems and Informatics, 7(3), 2100-2128. https://doi.org/10.51519/journalisi.v7i3.1155