Madrid, May 27, 2020 – The SMESEC (Protecting Small and Medium-sized Enterprises digital technology through an innovative cyber-SECurity framework) consortium, coordinated by Atos Spain, released the first public version of the SMESEC Framework, a unified framework for Small and Medium-Sized Enterprises (SMEs). SMESEC helps SMEs to be protected against cyber-attacks and from the technical and awareness point of views. The project was a three-year multi-disciplinary innovation action co-funded by the European Commission and the Swiss State Secretariat for Education, Research and Innovation in the context of Horizon 2020, the EU Framework Programme for Research and Innovation. In comparison to other approaches, the SMESEC framework targets SMEs’ specific needs and is priced with the SME’s budget in mind.
Cybersecurity has become a critical problem for SMEs. According to the Verizon 2019 Data Breach Investigations Report, 43% of cyberattacks target small businesses, as opposed to large companies. Among the most common problems are attacks of the SME’s IT infrastructure with hacking and malware. At the same time, social attacks and errors or misuse of employees together also concern about half of the SMEs. According to the Cybercrime Magazine, 60% of small companies go out of business within six months after a critical cyber incident.
The SMESEC Framework allows the end-user SME to self-assess its security status, secure its IT infrastructure, and develop a security-in-mind culture among its employees. The framework dashboard provides to its end-user SMEs, the ability to understand its security level and what the immediate steps are to become more secure. Christos Tranoris from sense.city (Greece): “It was easy to retrieve and query for security events.” The technical controls included in the framework are intuitive and can easily be used by the SME for protecting computers, servers, and network and for detecting various incidents. Simon Gassmann from Quilvest (Switzerland): “We could add a layer of security that protects us from attacks.”
The SMESEC Framework also encourages the end-user SME to appoint a Chief Information Security Officer (CISO), even as a part-time role. The framework offers awareness of cyberthreats, vulnerabilities, and risks to the CISO. Andreas Last from Grid Pocket (France): “SMESEC gave us holistic awareness about cybersecurity.” It provides step-by-step guidance for installing controls. Olmo Rayon, from WorldSensing (France): “The questions offered by SMESEC are so valuable for a CISO at the beginning of the career. SMESEC offers any company wanting to make its employees aware and have a clear overview of how to secure the company a structured way of assessing and planning.” It also provides training for the employees in defending the company against attacks and other incidents. Amalia Kakaroumpa from Myrtian Blue Events (Greece): “I learned the basics of Spam and Phishing.”
The SMESEC Framework also includes specialised tools for SMEs that offer digital products, services, and solutions, allowing these SMEs to enhance their business with cybersecurity. Jordi Cucurull from Scytl (Spain): “The SMESEC framework provided valuable insights into the security of our company and gave us, offering electronic voting solutions, security advantages that turned into business opportunities.”
The SMESEC consortium developed and piloted the SMESEC framework with twelve SMEs of diverse sizes, types, and industries. Four of the SMEs are members of the consortium, and the others joined for trying SMESEC and evaluating its impact with an open call. The SMESEC framework and tools were installed and tested within these SMEs. Several workshops were conducted to understand the SMEs’ needs and impact of the SMESEC solution.
Prof. Sotiris Ioannidis, principal researcher at the Foundation for Research and Technology-Hellas(FORTH) reflected on cybersecurity approach developed by the SMESEC consortium for the protection of SMEs in Europe: “SMEs in Europe are turning digital without full knowledge of the cybersecurity risks entailed in their endeavour. SMESEC’s solution is an attractive proposition for the European SME ecosystem as it includes both the security solutions to tackle potential threats but also the tools and training to raise their cybersecurity awareness”
FORTH, participated in the project as a solution provider and the task leader of the Open Call action. The team of Prof. Ioannidis has developed and contributed to the SMESEC platform the following research based solutions (i) a novel Early Warning Intrusion detection System(EWIS) that is built upon diverse honeypot solutions, able to detect attacks against known services, amplification DoS attacks, SSH attacks and IoT devices (ii) an IDS solution for detecting intra- and inter- attacks targeting Cloud-based applications. It also participated in all integration and evalution actions as well as the design and delivery of the final SMESEC platforms.
The project has brought a refined solution that has been tested with external companies and a red team to increase its resilience. Discussions with SMEs have shown that the SMESEC solution meets these SMEs’ needs and concerns and is considered very helpful for them. SMESESC doesn’t only allow the SMEs to use tools that fit their business well but also provides cybersecurity training and self-assessment for their employees. These capabilities, together with a tailor-made business strategy, make SMESEC attractive SMEs, which represent the majority of the European economy.
About SMESEC SMESEC is a co-funded project of the European Commission and the Swiss State Secretariat for Education, Research and Innovation under the field of Information and Communication Technologies (ICT) of the H2020 Framework Program. The project started in June 2017 and is coordinated by Atos. It involves the following partners: WorldSensing (Spain), Panepistimio Patron (Greece), Foundation for Research and Technology Hellas (Greece), Easy Global Market (France), SCYTL Secure Electronic Voting (Spain), GridPocket (France), Fachhochschule Nordwestschweiz FHNW (Switzerland), Citrix (Greece), IBM Israel - Science and Technology (Israel), BitDefender (Romania), and Universiteit Utrecht (Netherlands).
More information about the project is available at www.smesec.eu
ContactProf. Sotiris Ioannidis, FORTH-ICS, sotiris@ics.forth.gr, +30 2810-391945 Follow us on Twitter @SMESEC_EU
