Cybersecurity - Needs and Barriers of SMEs
Samuel Fricker, Ph.D.
Professor of Requirements Engineering, FHNW
Assistant Professor, Blekinge Institute of Technology
SME Experiences
−Bonseyes (Startup)
−International Software Product Management Association (Association)
−Zuehlke (Services)
−Fuchs-Informatik (Services)
−Spectralab (Products)
www.smesec.eu
Tagesschau, September 9, 2018, 19:30
Swiss top news programme, 600’000 viewers
Ransom Attack
SMEs – the new Target
Source: Symantec
Spear-Phishing Attacks by Company Size
Challenge: Awareness
Challenge: Motivation
Cost of a Data Breach
Challenge: Feasibility
Find it here
https://twitter.com/SMESEC_EU/status/1052458704426033152
Detection and Alerting: properly identify cybersecurity-related risks for the
organization (systems, assets, users, data, etc.), incorporate a tailor-made
cybersecurity solution and discover cybersecurity events in real-time
Protection and Response: employ appropriate safeguards for the
organization and response & recovery plans for detected cybersecurity
incidents
Awareness Strategy: SME-tailored tools and methods to increase in-house
awareness, participation in and organisation of events, and promotion of
self-evaluation mechanisms
Training Courses and Material: specially designed SMESEC Framework
training material for understanding and employing a robust cybersecurity
system
Human oriented
Technical oriented
SMESEC Framework: Tools
Detection and Alerting
Risk Assessment Engine
Analyses the business profile of the organization and provides a
report of vulnerabilities at both technical and management level
EGM TaaS
Provides access to a test database for ensuring confidence in
the security of IoT systems
IBM AngelEye
Test multiple inputs to an application’s source code or binary to
check if it can be exploited
IBM ExpliSAT
Test the source code of an application with a fuzzing engine to
find runtime vulnerabilities
IBM AntiROP
Solution for patching exploits in systems using the ROP technique
Protection and Response
BitDefender Total Security and GravityZone
Antimalware, antivirus, anti-ransomware, anti-phishing, and
firewall solutions for endpoints
CITRIX NetScaler
Secure internal and external communications with VPNs, secure
web gateways and web application firewalls
Atos XL-SIEM
Centralized management of security events and alerts in real
time
FORTH EWIS
Engine for detecting if attacks are being executed in a network,
with a special engine for detecting DDoS attacks
Beta Programme
Preview: Early 2019
• Early access to SMESEC coach and tools
• Requested: feedback (low effort)
Open Call: Mid 2019
• Access to SMESEC coach and tools (full beta)
• Funding opportunity for participation
Start here:
www.smesec.eu/survey
Thank You
www.smesec.eu
