PUZZLE Project for Better Cyber Attack Protection

PUZZLE – A Part of the Cyber Security Puzzle Intended for the SME Sector.

In the recent years, cyber security has been one of the key topics, not only in the focus of the professional public, but of the general one, as well. The reasons thereof are clear – damage caused by malicious cyber-attacks to the economy and people throughout the world is measured in billions USD on an annual basis.

If global cybercrime would be a state, it would be the third world economy, right after the USA and the PR China, with around six billion dollar GDP (data for 2022), including the annual growth rate of 15 per cent. Due to its widespread scope, this type of the criminal activity is, in monetary terms, more significant than any damages caused by natural disaster and, at the same time, more profitable than the illegal trafficking of all drugs on the planet.

News on jeopardised cyber security and carried out attacks are mostly covered in media regarding large business systems as targets. Individual citizens are in the focus right after them. However, the truth is that, perhaps, the most frequent victims are the small and medium enterprises (SME) with very restricted resources for the prevention and minimisation of the aforementioned risks.

Cyber Threats in 2022

In the most recent report of ENISA (European Union Agency for cybersecurity), in the period from July 2021 to 2022, around 10 TB sensitive data were stolen, on a monthly basis.

The primary method of jeopardising security and digital integrity is still ransomware – blackmailing software denying access to user to his computer resources and demanding payment of ransom to remove restrictions. Other high intensity threats include DDoS attacks used for crashing particular network services as well as to spreading fake news and information based on the implemented artificial intelligence algorithms, for political or ideological purposes.

Why Are SMEs, in Particular, Affected?

Since the cyber-attacks focused to the elements of the digital infrastructure and data of companies and other organisations become more frequent, sophisticated, and technically advantageous, resources necessary to prevent, stop, and resolve their consequences are getting higher.

By their nature, small and medium enterprises are, indeed, restricted in terms of available resources – material, human, and professional. Using the resources primarily for their business needs, it is hard for SMEs to set aside some additional resources for the cybersecurity purposes. Therefore, this domain is, as a rule, of secondary relevance – until they themselves become the victims of digital crime.

The basic objective of H2020 PUZZLE project is raising awareness and knowledge of SMEs about cyber threats to resist them in a facilitated manner. Using the state-of-the-art technologies, such as artificial intelligence (AI), trustworthy computing, and blockchain, small and medium enterprises will be able to improve their security and efficiently process information flows, thereby achieving collaboration in the knowledge exchange processes.

Sombre statistics
  • 61% SMEs were exposed to cyber-attacks during 2021,
  • 93% SMEs which were targets admitted that the attacks gravely impacted their business,
  • 31% of victims among the SMEs reported the financial damage, affected reputation, or loss of existing and/or difficulties in on-boarding new clients or jobs,
  • Almost 50% had business interruption while cyber-attacks were carried out.

However, such scenario is not optimal to the small and medium enterprises due to the aforementioned reasons – insufficient awareness and limit in terms of their financial and human resources. The PUZZLE Project is, indeed, designed to overcome the existing structural restrictions. It’s focus is the PUZZLE Market place offering a wide range of tools, applications, and services of external vendors available in terms of SECaaS (Security as a Service) protecting the data, privacy, and integrity of the data of SMEs and other users.

The task of the PUZZLE ecosystem is monitoring of active cyber defence resources of the SME users and evaluating of individual and cumulative risks as well as giving mitigation proposals, based on collected information. At the same time, by collecting (aggregating) relevant knowledge and information, the PUZZLE will raise general level of information and awareness of SME digital risks.

How to Reach the Goal?

Traditional cybersecurity settings at the organisation level include a sufficient degree of information on and adequacy of the offered solutions on the market relative to organisation needs, engagement of internal staff for implementation and maintenance, and, finally, purchase of a solution.

Specific Project Effects and Scope

The objective of the PUZZLE project is to, through this project, provide all European small and medium enterprises with comprehensive, tailor made and affordable security solutions, in order for such enterprises to be aware of growing threats and measures for prevention.

To gain the momentum for the project and for the time following its implementation, the community of initial users has been set up through the so-called validation contracts.

While the intention of setting up the community is to evaluate the PUZZLE Marketplace from the perspective of users, validation of external cybersecurity vendors is a mechanism for the vendors willing to participate in the project, thereby attempting to expand the reach of their services to the SME area.

Basically, the SMEs and cybersecurity providers are, within the framework of the PUZZLE project, engaged in the common task – to raise awareness and actual capacities of small and medium enterprises to defend against all types of jeopardising cybersecurity.

After the Open Call ended 5 SMEs and three cybersecurity providers went through the evaluation and selection process, who will be involved in the process of the validation contracts as early adopters and will be awarded EUR 10,000 following the final stage of implementation and testing. Thereby, SMEs dealing with IT security are recognised as those having relevant knowledge and competences, qualifying them for the participation in this pan-European project which, in a useful manner, promotes the cooperation between the entities of the European Union member states and the states in the process of accession to the Union.

This press release was originally published in PC Press magazine on February 10th, 2023 in Serbian language.