SMESEC aims at providing a unified security framework for Small Medium Enterprises (SME). SME’s are one of the most important drivers for innovation, but they often tend not properly to plan their cybersecurity defence, either by underestimating the risks and consequences of cyber attacks or by not being capable of keeping pace with the progress in this ever-evolving field. New threats appear on a daily basis, and SMEs are usually unready to protect their IT assets and therefore the business continuity.
The main goal of SMESEC is to identify what are the needs from the SME perspective and translate them into requirements for a unified framework, which will eventually consist of the SMESEC partners’ contributed products. The products can cover a wide range of security market segments, and it is expected that the unification will bring even higher added value to the products and the Framework.
Cybersecurity cannot be reduced as a simple IT solution. Data privacy and protection is mostly ensured by tools but also by your team behavior. The SMESEC consortium aims at encompassing the whole system by offering a broad approach to SMEs cybersecurity.
properly identify cybersecurity-related risks for the organization (systems, assets, users, data, etc.), incorporate a tailor-made cybersecurity solution and discover cybersecurity events in real-time
employ appropriate safeguards for the organization and response & recovery plans for detected cybersecurity incidents
SME-tailored tools and methods to plan in-house cybersecurity capabilities, increase employee awareness, join events, and promote self-evaluation and improvement
SMESEC Framework specially designed training material for understanding and employing a robust cybersecurity system
The first version of the framework will be applied and tested across four diverse SMEs with different platforms and services. During this phase, we will evaluate multiple aspects of the solution like performance, flexibility, usability, common solutions vs. specific use cases, user behavior, etc.
Cybersecurity is somewhat like quality management. Slightest changes may affect the security of a product. Not only the product itself is defining the level of security achieved. Surrounding effects such as shared infrastructures, changing regulatory environments, shifted public perception, or new threats are factors too which may have a drastic impact on the security of a system.
The improvement or maintenance of a certain security standard is thus a demanding task for an SME. Keeping track of the parts is very hard as there is often not enough expertise within the company to identify all weaknesses of the product. SMESEC aims here to give a framework enabling SMEs to keep track of all relevant parts and support them in analysis and scoring.
SMESEC helps SMEs become aware of threats and build capabilities to counter these threats with a threat-oriented incremental approach. The threat-orientation ensures that the SME understands the value of the actions that SMESEC encourages. The incremental approach ensures that capability-building is lightweight and the SME is under control of when to stop.
innovation items to be developed in the project should decrease the usual complexity level of security tools, making them more attractive for adoption by the SMEs. The complexity term refers to usability, but also the installation and updating requirements of these tools.
SMESEC solutions should provide better or at least comparable level of cybersecurity protection to the offered by the available solutions in the market.
Since one of the main entrance barriers of cyber-security solutions in the SMEs ecosystem is the budget constraints, any incremental innovation must keep costs low.
apart from the technical aspects, SMESEC wants to evangelise the importance of cyber-security protection among SMEs. Innovation road-mapping will also consider the development of supporting material to attain this non-technical objective.