Democratizing a Cyber Security Toolkit for SMEs & MEs

IBM’s AI Privacy Toolkit is a set of open-source tools designed to help organizations build more trustworthy AI solutions. It bundles together several practical tools and techniques related to the privacy and compliance of AI models. The toolkit is designed to be used by model developers (like data scientists) as part of their existing ML […]

Project partners united for a General Assembly of the CyberKit4SME project on June 19-21, 2023. The meeting was graciously hosted by  SINTEF in Norway, Oslo. The consortium discussed the current status, the changes in the project and the plans for successfully completing the project in November 2023.  

In the previous blog post, we provided a high-level overview of what CTI data are and how Sogei’s CERT collects them from reliable CTI feeds via OpenCTI. In this article, we detail how Sogei’s CERT sends this information to Service Ledger (SL), according to STIX/TAXII standards, to share it securely with other CERTs and/or SMEs. […]

Abstract: We present a first-of-a-kind end-to-end framework for running privacy risk assessments of AI models that enables assessing models from multiple ML frameworks, using a variety of low-level privacy attacks and metrics. The tool automatically selects which attacks and metrics to run based on answers to questions, runs the attacks, summarizes and visualizes the results in an easy-to-consume manner.

Abstract: We are currently seeing an increase in the use of voice assistants which are used for various purposes. These assistants have a wide range of inbuilt functionalities with the possibility of installing third-party applications. In this work, we will focus on analyzing and identifying vulnerabilities that are introduced by these third-party applications. In particular, we will build third-party applications (called Skills) for Alexa, the voice assistant developed by Amazon. We will analyze existing exploits, identify accessible data and propose an adversarial framework that deceives users into disclosing private information. For this purpose, we developed four different malicious Skills that harvest different pieces of private information from users. We perform a usability analysis on the Skills and feasibility analysis on the publishing pipeline for one of the Skills.

Abstract: Small and medium enterprises (SMEs) make up a significant part of European economies. They are often described as poorly place to deal with cyber risks though because of resource constraints or commercial interests. Providing appropriate tooling would facilitate a greater appreciation of the risks and provide mitigation strategies. In a series of workshops demonstrating visualization tools for cybersecurity, constructs from healthcare models such as awareness, self-efficacy, and a willingness to engage were investigated to throw light on the likelihood that the technologies would be adopted. Although most constructs were validated, it turns out that self-efficacy could more appropriately be interpreted as a desire to understand a broader company narrative rather than empowering any individual to identify and manage cyber risk. As part of an ongoing examination of technology acceptance, this work provides further evidence that technology must be contextualized to make sense for the individual as part of the SME rather than as individual employee.