Democratizing a Cyber Security Toolkit for SMEs & MEs

Helping SMEs and MEs analyse, forecast and manage cyber security and data protection risks.

Making SMEs & MEs more cyber-resilient

The project will use its tools and cyber range demos to train SMEs/MEs to identify their top threats and recognize and address them with greater confidence. Results will be validated by SME/ME in four critical sectors.

Latest News

News
CyberKit4SME and Global Cyber Alliance kick-off

We had a fruitful discussion with the @GlobalCyberAlln Team yesterday. We are excited about the cross-project collaboration and an exciting journey in the Cybersecurity domain. #CyberSecurity #SME #CyberKit4SME #GlobalCyberAlliance

Events
Fine-grained access control for Healthcare FHIR data with secure, non-repudiable logging

Authors of the blog post: members from the CyberKit4SME and HEIR projects. In this blog, we examine how the technologies for securing data being developed by the EU H2020 projects, HEIR and CyberKit4SME, can be combined to provide a highly innovative, non-repudiable log of access to medical FHIR data.  This log itself is secured by […]

Events
Information Sharing: public-private

CERT Sogei, involved in our project, was present today at the webinar on “Public-Private Information Sharing” organized by the CYBER 4.0 – Cybersecurity Competence Center Competence Center, in collaboration with the Agenzia per la Cybersicurezza Nazionale. It was a very stimulating moment of confrontation in which we participated with the intervention of Sogei’s Project Manager for CyberKit4SME […]

Latest Publications

publications
An end-to-end framework for privacy risk assessment of AI models

Authors: Abigail Goldsteen, Shlomit Shachor, and Natalia Raznikov   We present a first-of-a-kind end-to-end framework for running privacy risk assessments of AI models that enables assessing models from multiple ML frameworks, using a variety of low-level privacy attacks and metrics. The tool automatically selects which attacks and metrics to run based on answers to questions, […]

publications
Private Data Harvesting on Alexa using Third-Party Skills

Abstract: We are currently seeing an increase in the use of voice assistants which are used for various purposes. These assistants have a wide range of inbuilt functionalities with the possibility of installing third-party applications. In this work, we will focus on analyzing and identifying vulnerabilities that are introduced by these third-party applications. In particular, we will build third-party applications (called Skills) for Alexa, the voice assistant developed by Amazon. We will analyze existing exploits, identify accessible data and propose an adversarial framework that deceives users into disclosing private information. For this purpose, we developed four different malicious Skills that harvest different pieces of private information from users. We perform a usability analysis on the Skills and feasibility analysis on the publishing pipeline for one of the Skills.

It’s Not My Problem: How Healthcare Models relate to SME Cybersecurity Awareness snippet
publications
It’s Not My Problem: How Healthcare Models relate to SME Cybersecurity Awareness

Abstract: Small and medium enterprises (SMEs) make up a significant part of European economies. They are often described as poorly place to deal with cyber risks though because of resource constraints or commercial interests. Providing appropriate tooling would facilitate a greater appreciation of the risks and provide mitigation strategies. In a series of workshops demonstrating visualization tools for cybersecurity, constructs from healthcare models such as awareness, self-efficacy, and a willingness to engage were investigated to throw light on the likelihood that the technologies would be adopted. Although most constructs were validated, it turns out that self-efficacy could more appropriately be interpreted as a desire to understand a broader company narrative rather than empowering any individual to identify and manage cyber risk. As part of an ongoing examination of technology acceptance, this work provides further evidence that technology must be contextualized to make sense for the individual as part of the SME rather than as individual employee.