Democratizing a Cyber Security Toolkit for SMEs & MEs

Helping SMEs and MEs analyse, forecast and manage cyber security and data protection risks.

Project Introduction

This video introduces our project.

Making SMEs & MEs more cyber-resilient

The project will use its tools and cyber range demos to train SMEs/MEs to identify their top threats and recognize and address them with greater confidence. Results will be validated by SME/ME in four critical sectors.

Latest News

News
Really understanding technology adopters’ cybersecurity needs

With the CyberKit4SME project coming to an end, there are a whole number of things that we need to consider. As we’ve improved and integrated different technologies, working with our end-user partners to validate each step of the way, another picture has started to emerge. We’ve been reporting our findings as we’ve gone along in […]

News

Check out this insightful video from our amazing partner VISUAPPS GmbH. ! Really resonates with our current project goals. In this video, VISUAPPS is showcasing the impressive work on the project and how it’s been tackling various cybersecurity scenarios in the healthcare sector.

Events
CyberKit4SME representation at the Security Cloud Week organized by @Microsoft

Excited to represent @Inetum at #SecurityCloudWeek organized by @Microsoft! Grateful for the opportunity to showcase our commitment to cybersecurity through the #CyberKit4SME project. Together, we’re building a safer digital future! #TechCollaboration #CyberSecurity

Latest Publications

publications
An end-to-end framework for privacy risk assessment of AI models

Abstract: We present a first-of-a-kind end-to-end framework for running privacy risk assessments of AI models that enables assessing models from multiple ML frameworks, using a variety of low-level privacy attacks and metrics. The tool automatically selects which attacks and metrics to run based on answers to questions, runs the attacks, summarizes and visualizes the results in an easy-to-consume manner.

publications
Private Data Harvesting on Alexa using Third-Party Skills

Abstract: We are currently seeing an increase in the use of voice assistants which are used for various purposes. These assistants have a wide range of inbuilt functionalities with the possibility of installing third-party applications. In this work, we will focus on analyzing and identifying vulnerabilities that are introduced by these third-party applications. In particular, we will build third-party applications (called Skills) for Alexa, the voice assistant developed by Amazon. We will analyze existing exploits, identify accessible data and propose an adversarial framework that deceives users into disclosing private information. For this purpose, we developed four different malicious Skills that harvest different pieces of private information from users. We perform a usability analysis on the Skills and feasibility analysis on the publishing pipeline for one of the Skills.

It’s Not My Problem: How Healthcare Models relate to SME Cybersecurity Awareness snippet
publications
It’s Not My Problem: How Healthcare Models relate to SME Cybersecurity Awareness

Abstract: Small and medium enterprises (SMEs) make up a significant part of European economies. They are often described as poorly place to deal with cyber risks though because of resource constraints or commercial interests. Providing appropriate tooling would facilitate a greater appreciation of the risks and provide mitigation strategies. In a series of workshops demonstrating visualization tools for cybersecurity, constructs from healthcare models such as awareness, self-efficacy, and a willingness to engage were investigated to throw light on the likelihood that the technologies would be adopted. Although most constructs were validated, it turns out that self-efficacy could more appropriately be interpreted as a desire to understand a broader company narrative rather than empowering any individual to identify and manage cyber risk. As part of an ongoing examination of technology acceptance, this work provides further evidence that technology must be contextualized to make sense for the individual as part of the SME rather than as individual employee.