The SMESEC (Protecting Small and Medium-sized Enterprises digital technology through an innovative cyber-SECurity framework) consortium, coordinated by Atos Spain, released the first public version of the SMESEC Framework, a unified framework for Small and Medium-Sized Enterprises (SMEs). SMESEC helps SMEs to be protected against cyberattacks and from the technical and awareness point of views. The project was a three-year multidisciplinary innovation action co-funded by the European Commission and the Swiss State Secretariat for Education, Research and Innovation in the context of Horizon 2020, the EU Framework Programme for Research and Innovation. In comparison to other approaches, the SMESEC framework targets SMEs’ specific needs and is priced with the SME’s budget in mind.
Cybersecurity has become a critical problem for SMEs. According to the Verizon 2019 Data Breach Investigations Report, 43% of cyberattacks target small businesses, as opposed to large companies. Among the most common problems are attacks of the SME’s IT infrastructure with hacking and malware. At the same time, social attacks and errors or misuse of employees together also concern about half of the SMEs. According to the Cybercrime Magazine, 60% of small companies go out of business within six months after a critical cyber incident.
The SMESEC Framework allows the end-user SME to self-assess its security status, secure its IT infrastructure, and develop a security-in-mind culture among its employees. The framework dashboard provides to its end-user SMEs, the ability to understand its security level and what the immediate steps are to become more secure. Christos Tranoris from sense.city (Greece): “It was easy to retrieve and query for security events.” The technical controls included in the framework are intuitive and can easily be used by the SME for protecting computers, servers, and network and for detecting various incidents. Simon Gassmann from Quilvest (Switzerland): “We could add a layer of security that protects us from attacks.”
The SMESEC Framework also encourages the end-user SME to appoint a Chief Information Security Officer (CISO), even as a part-time role. The framework offers awareness of cyberthreats, vulnerabilities, and risks to the CISO. Andreas Last from Grid Pocket (France): “SMESEC gave us holistic awareness about cybersecurity.” It provides step-by-step guidance for installing controls. Olmo Rayon, from Worldsensing (Spain): “The questions offered by SMESEC are so valuable for a CISO at the beginning of the career. SMESEC offers any company wanting to make its employees aware and have a clear overview of how to secure the company a structured way of assessing and planning.” It also provides training for the employees in defending the company against attacks and other incidents. Amalia Kakaroumpa from Myrtian Blue Events (Greece): “I learned the basics of Spam and Phishing.”
The SMESEC Framework also includes specialised tools for SMEs that offer digital products, services, and solutions, allowing these SMEs to enhance their business with cybersecurity. Jordi Cucurull from Scytl (Spain): “The SMESEC framework provided valuable insights into the security of our company and gave us, offering electronic voting solutions, security advantages that turned into business opportunities.”
The SMESEC consortium developed and piloted the SMESEC framework with twelve SMEs of diverse sizes, types, and industries. Four of the SMEs are members of the consortium, and the others joined for trying SMESEC and evaluating its impact with an open call. The SMESEC framework and tools were installed and tested within these SMEs. Several workshops were conducted to understand the SMEs’ needs and impact of the SMESEC solution.
Jose Francisco Ruiz, the project coordinator, reflected on how this new cybersecurity approach could help SMEs in Europe: “SMEs want to go digital, but they are worried about the cost and their exposure to hackers. With our solution, we want to help the SMEs to protect their business and their employees; both are equally important. Also, we discussed with SMEs their economic situation and found a realistic strategy.”
Atos Spain, the coordinator of the project, thanks to its experience in the management of European research projects and business development, has taken part in the conception, production, integration and delivery of the SMESEC Framework. Moreover, Atos has also contributed in several technical activities – such as the management of requirements, system modules development, and testing and validation of the solution – to ensure the success of the final deployment in Europe. Finally, Atos has brought to SMESEC enhancements of its IEM tool, which provides event correlation for the detection of security incidents, integrating sensors from different solutions in the project, providing real-time alerts, and reporting and visualisation capabilities.
The project has brought a refined solution that has been tested with external companies and a red team to increase its resilience. Discussions with SMEs have shown that the SMESEC solution meets these SMEs’ needs and concerns and is considered very helpful for them. SMESESC doesn’t only allow the SMEs to use tools that fit their business well but also provides cybersecurity training and self-assessment for their employees. These capabilities, together with a tailor-made business strategy, make SMESEC attractive SMEs, which represent the majority of the European economy.
About SMESEC
SMESEC is a co-funded project of the European Commission and the Swiss State Secretariat for Education, Research and Innovation under the field of Information and Communication Technologies (ICT) of the H2020 Framework Program. The project started in June 2017 and is coordinated by Atos. It involves the following partners: Worldsensing (Spain), Panepistimio Patron (Greece), Foundation for Research and Technology Hellas (Greece), Easy Global Market www.smesec.eu (France), SCYTL Secure Electronic Voting (Spain), GridPocket (France), Fachhochschule Nordwestschweiz FHNW (Switzerland), Citrix (Greece), IBM Israel - Science and Technology (Israel), BitDefender (Romania), and Universiteit Utrecht (Netherlands).
More information about the project is available at www.smesec.eu
Contact Jose Francisco Ruiz, Atos Research & Innovation, josefrancisco.ruiz@atos.net, +34 91 214 8483
Follow us on Twitter @SMESEC_EU