Today, cybersecurity remains a central topic in the international and national agendas, and is gaining importance within the private sector. Large corporations and MSMEs are increasingly becoming aware of the need to equip themselves with the right tools and strategies to prevent and respond effectively to any cyber threat. Based on ENISA’s classification of the “top 15 cyber-threats in Europe”, this report highlights main finings in terms of level of awareness and preparedness of EU MSMEs on cybersecurity and. As expected, while still maintaining its “EU relevance”, the topic of cyber-readiness seems particularly urgent for micro and small medium enterprises established in Southern/Balkan regions and operating in non-ICT dominant sectors. Results suggest that the cyber-lag experienced by the vast majority of EU MSMEs is firstly and foremost and issue of culture and cultural understating. Despite the numerous initiatives implemented at EU level to increase the awareness on the topic, EU SMEs are still failing to comply with the very essentials of cybersecurity. As final Intellectual Output of the project, partners compiled already two different document, one addressed to the community of practice of cyber education, and the other to policy makers and public’s representatives in charge of policy actions for private sectors’ competitiveness, digitalisation and education and training in general. The experience gathered by partners throughout this 2-year period of implementation of the CYBER MSME project, allowed them to consolidate key triggers, guidelines and recommendations to sustain project’s replicability, and most importantly, the benefits that CYBER-like initiatives can bring at EU level In its The EU’s Cybersecurity Strategy for the Digital Decade (2020), the European Commission analyses and reviews the measures implemented at European level and anticipates future developments in the cybersecurity domain. Despite the number of initiatives and a general awareness in the cybersecurity field, Europe has not yet reached a sufficient level of cooperation with national authorities. National authorities do not systematically collect and disseminate data that could help the EU to develop situational awareness. Currently, there is only a limited “mutual operational assistance” among member states: there is no “operational mechanism” among member states, EU institutions, agencies and bodies, capable of guaranteeing an effective protection and response scheme in case of large - scale and cross - border cyber - attacks. The EU is faced with heterogeneous security regulations and several levels of cybersecurity maturity in the Member States: these are obstacles to an effective cross - border collaboration. It is crucial that future regulatory changes are the same in all Member States so that EU enterprises are not subject to different levels of security, the global pandemic of COVID-19 has shown the importance of collaboration and coordination at global level also in the area of cybersecurity. The increasing awareness of enterprises on possible cyber threats has led cyber criminals to adapt their attack’s schemes. As described in the report “Emerging trends” by ENISA (2020), cybercriminals are taking advantage of the pandemic: they are increasingly well-prepared and use more sophisticated tools. This result, which is a sign of a general response of the enterprises to cyber threats, also shows the need to constantly implement cybersecurity procedures and tools, adapting IT systems to new conditions. The future workforce needs to possess both knowledge, skills and life-learning mindset to quickly adapt to market needs and technological advances. Elements that can train the future workforce in digital skills (i.e. logical thinking, critical analysis, coding and algorithms) require an adaptation of the current educational system For a full overview of this project’s deliverable, and all other resources made available by partners, please consult: https://www.cybermsme.eu/
Cybercrime is the fastest-growing form of criminal activity and appears to be targeting a specific segment of our economies. According to the latest figures, the economic impact of cybercrime rose fivefold between 2013 and 2017, and microenterprises and SMEs (MSMEs) – the backbone of the EU economy – are disproportionally impacted by the phenomenon. Despite MSMEs being the most vulnerable group to the growing threat posed by cyberattacks, MSMEs are very seldom aware of the risks they face, let alone be prepared for them. In 2019, an industry report estimated that 66% of senior decision-makers in small businesses believe they are unlikely to be a target of online criminals (Keeper), whereas UNIPOL calculated that 14% of MSMEs are prepared to tackle cyber threats (2018). Throughout 2021, CYBER MSME’ partners carried out a detailed and very comprehensive report which highlighted: • State of MSMEs’ cyber-threats preparedness and awareness • Identification of best practices as regards MSMEs support in the area of cybersecurity • Further recommendations in the domain of innovation and competitiveness for private sector The wealth of knowledge gathered by participating organisations on MSMEs cyber resilience has been finally consolidated in an official document “Guidelines implementation of project results” that is intended to provide for STKHs and group of interests key coordinates to implement within their ecosystem of practice Cyber MSME-inspired initiatives – or transfer as a whole into their initiatives the resources made available by partners. From a more metaphorical perspective, the document can be intended as the digital legacy of the project: a storytelling on how to carry out capacity building programmes aimed at strengthening the IT and cyber readiness of small and micro-enterprises. The vast majority of these inputs stems from the deployment of the CYBER-MSME curricula in pilot version implemented by partners as formal activity of Intellectual Output 3 so as to validate the into-practice operationalisation, and the pedagogical reliability, of the training material. The aforementioned document – available for free, in open access format and in multilanguage version via the official Open Education Resource Platform of the project – is very concise and comprehensive, so as to ease and maximise as much as possible its readability from users: 1. The first section introduces readers to the general scale and scope of the project, and details specific learning outcomes developed by partners, and tested with targets 2. The second-deep dives into the cyber security professional’s profile as envisioned by partners – informed by the needs-assessment carried out at transnational level in preparation of the curricula 3. The third highlights content, structure and methodology of the pilot programme and the functionalities of the OER platform as a support tool to the testing phase 4. Finally, a robust set of key recommendations and takeaways compiled by trainers and teachers, that readers and interested STKHs can leverage on to fine-tune and tailor their deployment strategy All in all, this set of guidelines is intended to upscale the impact of CYBER-MSME even beyond the formal life cycle of the project, easing the replicability and portability of its deliverables, and most importantly, their functionalities and into-practice implementation. CYBER MSM contributed to give continuity to an important stream of initiatives co-financed by the E+ Programme aimed at strengthening the digital and cyber literacy of EU private sector. For more information about the project, please consult: https://www.cybermsme.eu/
GENTLAB, the partner from Romania, organised and hosted a Multiplier Event in Bucharest, on 5th July 2022 called Cyber Security - extravagance or necessity in the life of SMEs? Our goal was to disseminate Cyber MSME project for 50 participants, gathering our stakeholders and our partners that we work with in order to present them the OER platform, training content, toolkits and all intellectual outputs of Cyber MSME project with a focus on practical ways of applying them in their small & medium enterprises. The multiplier event was presented by one member of our team who presented the CyberMSME project to our target group, entrepreneurs MSME, representants of high schools, employees, job seekers, IT specialists and VET ecosystem representatives, encouraging them to access the learning resources any time they need valuable information, accessible on a free basis. Our main topics were: Presentation of the CyberMSME project Cyber security, more than a trendy concept Cyber security: essential aspect in the activity of SMEs Questions and answers, summary and closing of the conference, networking The multiplier event was well received by the audience, as we received only excellent appreciations and gratitude for all the partners' efforts in the development of this project. The participants confirmed that this Cyber MSME project will have a strong impact for their SME and VET ecosystem.
Internet Web Solutions organised and hosted a Multiplier Event called Cyber MSME International Multiplier Event and Workshop for Professionals in Malaga on 25.04.2022. IWS held this event in collaboration with its associated partner TRIBEKA. This M.E. aimed to exploit and mainstream Cyber MSME (products, training, content and platform) at technology, practice and research levels. The event was organised to present all Cyber MSME intellectual outputs and their relevance at policy and practice levels to improving the cybersecurity skills and competencies of micro, small & medium enterprises and participants in the VET ecosystem. Twenty people representing the target group, enterprises, entrepreneurs and VET ecosystem representatives attended the multiplier event. During the event, the following points were introduced: • Introduction: Cyber MSME in the context of the Erasmus Plus Programme • Operational overview of Cyber MSME: Consortium, Target and Objectives • Cyber MSME Main Results: OER Platform Structure and Outputs • Cyber MSME Main Results: 4 outputs • Cyber MSME free online training courses • Panel discussion: Improving cybersecurity skills and competencies of micro, small & medium enterprises All attendees were interested in the information provided and considered the project helpful in knowing more about cybersecurity and improving the security online for SMEs and entrepreneurs.
The analysis of results and key takeaways emerged from our international assessment of cyber-threats for micro-, small and medium-sized enterprises in the EU highlighted four critical areas of interest for the cyber-empowerment, upskilling and IT-readiness of EU MSMEs: Outline of a cyber-resilience framework that is specific to MSMEs’ needs Raising awareness on the risk management frameworks, their applicability, and benefits Making cybersecurity more accessible – including making it more understandable to non-cyber literate Promoting voluntary and compulsory trainings among employees Supporting development of simplified security protocols that can be operationalized with limited extra costs Based on the above, and following internal brainstorming among partners on how to tackle these specific focuses, the Cyber MSMEs project proposes its own education and training curricula on the very essentials of cyber-readiness for MSMEs. The education framework is designed as follows: Traning modules & educational contents Responsible Partner ICT Tools to prevent and recognize Cyber Risk in the Digital World Basics of Cybersecurity. Comprehending the Fundamental Rules of Cybersecurity Internet Web Solutions, IWS (Spain) European landscape of cybersecurity: policies and support strategies DigComp 2.1 for cyber-awareness Institut de Haute Formation aux Politiques Communautaires, IHF (Belgium) Coping with uncertainty, ambiguity & risk in a cyber-environment: EntreComp for Cyber-MSME Managerial models to monitor, evaluate and assess cyber-readiness IDP European Consultants, IDP (Italy) Understand security to keep cyber threats away in your SME Ethical hacking - in times of cybernetic attacks and digital threats Gentlab (Romania) Social engineering - users are the weakest link Human-centred Design vs. Company priorities – shortening the path of reporting bugs for the user as a benefit for the company's security Crisis management - they hacked me, what next? Fundamentals of privacy in the network, VPN, TOR - overview, application, threats Additional materials – toolkits: Improve your cybersecurity management plan — best practices How to recognize credible URLs? Guidelines Your inventory list. Template Essential router security tips. Enhance your network security with few basic steps Cybersecurity on a budget. How to protect your business when every cent counts Customized Training Solutions, CTS; Center for Social and Economic Research, CASE (Poland) All material is available for free, in opens access and in multilanguage version (EN, PL, ES, IT, RO) by consulting out official Open Education Resource Platform.
Cybercrime is the fastest-growing form of criminal activity and appears to be targeting a specific segment of our economies. According to the latest figures, the economic impact of cybercrime rose fivefold between 2013 and 2017, and microenterprises and SMEs (MSMEs) – the backbone of the EU economy – are disproportionally impacted by the phenomenon. Despite MSMEs being the most vulnerable group to the growing threat posed by cyberattacks, MSMEs are very seldom aware of the risks they face, let alone be prepared for them. In 2019, an industry report estimated that 66% of senior decision-makers in small businesses believe they are unlikely to be a target of online criminals (Keeper), whereas UNIPOL calculated that 14% of MSMEs are prepared to tackle cyber threats (2018). The European Commission acknowledged the pressing need to equip micro and small businesses with competences and tools to tackle cyber threats to make them more resilient in case of cyber-attacks. Not only are “skills shortages” already “hindering SMEs”, but also these are expected to grow in the future, to the point that “Europe will face a projected skills gap of 350.000 cybersecurity professionals by 2022”. Throughout 2021, Cyber MSME’ partners carried out a detailed and very comprehensive report which highlighted: • State of MSMEs’ cyber-threats preparedness and awareness • Identification of best practices as regards MSMEs support in the area of cybersecurity • Further recommendations in the domain of innovation and competitiveness for private sector Key takeaways concern the overall lag of EU MSMEs in terms of awareness of and preparedness to deal with proliferating cyber-threats, among the most common and “pressing” challenge cited by literature. Other structural challenges that undermine greater preparedness of the MSMEs also include low cybersecurity awareness of the personnel, inadequate protection of critical and sensitive information, lack of budget, lack of dedicated IT and cybersecurity specialists, and lack of suitable cybersecurity guidelines specific to SMEs. For more information, please consult the mapping section of the official Open Educational Resource Platform of the project. Users can access the platform and navigate project’s content completely for free. Soon, partners will upload the training content and educational material (i.e. Cyber MSME’s toolkit) developed on the premises of aforementioned findings. Ppartners identified the preliminary structure of the toolkit properly fine-tuned to accommodate the results of mapping and common needs-assessment/skills-gap.
Officially launched at the very end of 2020, Cyber MSME is an international project co-founded by the Erasmus+ Programme of the European Commission. The project gathers together six partner from 5 different countries (Belgium, Italy, Poland, Romania and Spain) that throughout the following two years will work together to develop, test, consolidate and establish training solutions and operative guidelines to support EU SMEs with their strategic priorities in the domain of digital readiness cyber-efficacy Out of the four major output discussed during proposal, one has already been achieved: the Cyber MSME’s OER (Open Education Resource) Platform. The platform guarantees for the online visibility of the project and, most importantly, the showcase of all major milestones achieved by the strategic partners in the 24-months of project implementation. Each section of the platform stands as the digital repository of data and resources available for users; published in multilanguage version and freely accessible (i.e. no sort of log-in credentials will be ever required). Particularly relevant are both the MAPPING and TRAINING pages; formal e-archive of the transnational analysis conducted upon the status of cyber resilience among European SMEs and the training tolls elaborated consistently with the results emerging from the previous. The NEWS section will be updated on need basis with project’s progresses and other relevant information coming from the EU cyber-ecosystem; both public and private stakeholders operating in the mentioned domain can easily remain updated with Cyber MSMEs’ development by joining the ASSOCIATES of the project, enlarging its “community of practicing” and contributing proactively to its dissemination and international visibility
The consortium joined the online Kick-Off meeting of Cyber-MSME – Cybersecurity for Micro, Small & Medium Enterprises, a project co-financed by Erasmus+ Programme On December 10, 2020, the consortium joined the online Kick-Off Meeting of Cyber-MSME (Cybersecurity for Micro, Small & Medium Enterprises), a Project co-funded by the Erasmus+ Programme of the European Commission, which brings together six Partners from five countries (Belgium, Italy, Poland, Romania and Spain). The Kick-Off Meeting, hosted by CTS Customized Training Solutions SP. Z O.O. (CTS), was originally planned in Brussels, but has been rescheduled online due to COVID-19 restrictions. Cybercrime is the fastest-growing form of criminal activity, and appears to be targeting a specific segment of our economies. According to the latest figures, the economic impact of cybercrime rose fivefold between 2013 and 2017, and microenterprises and SMEs (MSMEs) – the backbone of the EU economy – are disproportionally impacted by the phenomenon. Despite MSMEs being the most vulnerable group to the growing threat posed by cyberattacks, MSMEs are very seldom aware of the risks they face, let alone be prepared for them. In 2019, an industry report estimated that 66% of senior decision-makers in small businesses believe they are unlikely to be a target of online criminals (Keeper), whereas UNIPOL calculated that 14% of MSMEs are prepared to tackle cyber threats (2018). The European Commission acknowledged the pressing need to equip micro and small businesses with competences and tools to tackle cyber threats to make them more resilient in case of cyber-attacks. Not only are “skills shortages” already “hindering SMEs”, but also these are expected to grow in the future, to the point that “Europe will face a projected skills gap of 350.000 cybersecurity professionals by 2022”. The Cyber-MSME project stands as a concrete response to this need. Cyber-MSME will capitalise on the valuable experience of its Partnership to provide MSMEs with innovative and tailored training solutions and tools for MSMEs. In particular, partners will carry out the following activities: a)Develop the Cyber-MSME OER Platform, a repository of knowledge accessible to all, free of charge, in full Open Access mode and in multilingual versions (EN, IT, PO, RO, ES) b)Develop a shared methodology for the mapping of current trends, threats and opportunities and then consolidate the findings in a final report on the basis of which the training and tools will be designed c)Define the professional profile of a Cyber-Security Expert within MSMEs so as to facilitate job matching between demand and supply: enterprises increasingly look for cybersecurity experts, and this makes for a great employment opportunity for young people d)Develop training courses and operational tools tailored to the needs of MSMEs e)Deliver the training to 150 target groups and collect feedback to fine tune the material created f)Develop guidelines to facilitate the uptake of Cyber-MSMEs so as to sustain project results beyond Erasmus co-financing and widen its range of impact
