Democratizing a Cyber Security Toolkit for SMEs & MEs

Helping SMEs and MEs analyse, forecast and manage cyber security and data protection risks.

Project Introduction

This video introduces our project.

Making SMEs & MEs more cyber-resilient

The project will use its tools and cyber range demos to train SMEs/MEs to identify their top threats and recognize and address them with greater confidence. Results will be validated by SME/ME in four critical sectors.

Latest News

Distance based metrics using holdout data
News
AI Privacy Toolkit gets a boost on dataset assessment in latest release

IBM’s AI Privacy Toolkit is a set of open-source tools designed to help organizations build more trustworthy AI solutions. It bundles together several practical tools and techniques related to the privacy and compliance of AI models. The toolkit is designed to be used by model developers (like data scientists) as part of their existing ML […]

Events
A Face-to-Face General Assembly of CyberKit4SME hosted by SINTEF in Norway, Oslo in June 2023

Project partners united for a General Assembly of the CyberKit4SME project on June 19-21, 2023. The meeting was graciously hosted by  SINTEF in Norway, Oslo. The consortium discussed the current status, the changes in the project and the plans for successfully completing the project in November 2023.  

News
Sogei’s CERT and Service Ledger integration

In the previous blog post, we provided a high-level overview of what CTI data are and how Sogei’s CERT collects them from reliable CTI feeds via OpenCTI. In this article, we detail how Sogei’s CERT sends this information to Service Ledger (SL), according to STIX/TAXII standards, to share it securely with other CERTs and/or SMEs. […]

Latest Publications

publications
An end-to-end framework for privacy risk assessment of AI models

Abstract: We present a first-of-a-kind end-to-end framework for running privacy risk assessments of AI models that enables assessing models from multiple ML frameworks, using a variety of low-level privacy attacks and metrics. The tool automatically selects which attacks and metrics to run based on answers to questions, runs the attacks, summarizes and visualizes the results in an easy-to-consume manner.

publications
Private Data Harvesting on Alexa using Third-Party Skills

Abstract: We are currently seeing an increase in the use of voice assistants which are used for various purposes. These assistants have a wide range of inbuilt functionalities with the possibility of installing third-party applications. In this work, we will focus on analyzing and identifying vulnerabilities that are introduced by these third-party applications. In particular, we will build third-party applications (called Skills) for Alexa, the voice assistant developed by Amazon. We will analyze existing exploits, identify accessible data and propose an adversarial framework that deceives users into disclosing private information. For this purpose, we developed four different malicious Skills that harvest different pieces of private information from users. We perform a usability analysis on the Skills and feasibility analysis on the publishing pipeline for one of the Skills.

It’s Not My Problem: How Healthcare Models relate to SME Cybersecurity Awareness snippet
publications
It’s Not My Problem: How Healthcare Models relate to SME Cybersecurity Awareness

Abstract: Small and medium enterprises (SMEs) make up a significant part of European economies. They are often described as poorly place to deal with cyber risks though because of resource constraints or commercial interests. Providing appropriate tooling would facilitate a greater appreciation of the risks and provide mitigation strategies. In a series of workshops demonstrating visualization tools for cybersecurity, constructs from healthcare models such as awareness, self-efficacy, and a willingness to engage were investigated to throw light on the likelihood that the technologies would be adopted. Although most constructs were validated, it turns out that self-efficacy could more appropriately be interpreted as a desire to understand a broader company narrative rather than empowering any individual to identify and manage cyber risk. As part of an ongoing examination of technology acceptance, this work provides further evidence that technology must be contextualized to make sense for the individual as part of the SME rather than as individual employee.