Periodic Reporting for period 1 - SCR (Disruptive Cybersecurity SaaS for SMEs and freelance developers)
Reporting period: 2016-07-01 to 2016-12-31
The Secure Secure team conducted a thorough feasibility study assessing the opportunity for assigning SMEs to better protect their software assets from cyber attacks by deploying automated tools. The problem being addressed is the growing complexity for organisations, particularly SMEs, related to identifying and resolving security vulnerabilities that open software assets to malicious attack.
The importance to society is far reaching: malicious attacks compromise individual as well as organisation data resulting in privacy issues and financial losses. Further, new regulation at European Union level requires all businesses to implement adequate provisions for cybersecurity. Yet, the availability of tools to achieve these targets is limited, while the availability of skilled labour is expensive and in short supply.
The overall objective of the feasibility study was to understand the viability of providing an automated SaaS solution that is able to detect whether an SME’s software assets contain security vulnerabilities and then helps individuals within the company to resolve the issue without the need to specifically hire a security expert.
The importance to society is far reaching: malicious attacks compromise individual as well as organisation data resulting in privacy issues and financial losses. Further, new regulation at European Union level requires all businesses to implement adequate provisions for cybersecurity. Yet, the availability of tools to achieve these targets is limited, while the availability of skilled labour is expensive and in short supply.
The overall objective of the feasibility study was to understand the viability of providing an automated SaaS solution that is able to detect whether an SME’s software assets contain security vulnerabilities and then helps individuals within the company to resolve the issue without the need to specifically hire a security expert.
The main work conducted was a market analysis focussed on SMEs in Europe, interviews with SME owners and senior teams, SWOT analysis, intellectual property research, a sales and marketing strategy, technical development and innovation strategy, staffing and operational requirements analysis and financing requirements.
The overall results showed that most SMEs are currently doing almost nothing, or only deploying very basic tactics, to protect their companies from the threat of malicious attacks. It was found that SMEs are squeezed from two sides – the complexity of cybersecurity attacks is growing, while the ability to hire appropriate talent is becoming harder. Meanwhile, new regulation is making it essential for SMEs to observe a greater vigilance towards cybersecurity and make adequate provisions for securing data in storage or transit. Therefore, a solution for SMEs that is all-encompassing, easy to use and raises the bar high enough without the need to hire additional staff seems to be a solution which fits the needs and budget availability of SMEs.
The overall results showed that most SMEs are currently doing almost nothing, or only deploying very basic tactics, to protect their companies from the threat of malicious attacks. It was found that SMEs are squeezed from two sides – the complexity of cybersecurity attacks is growing, while the ability to hire appropriate talent is becoming harder. Meanwhile, new regulation is making it essential for SMEs to observe a greater vigilance towards cybersecurity and make adequate provisions for securing data in storage or transit. Therefore, a solution for SMEs that is all-encompassing, easy to use and raises the bar high enough without the need to hire additional staff seems to be a solution which fits the needs and budget availability of SMEs.
The challenges in the development commercialisation of this solution are linked mainly with the continuous research required to detect new emerging security threats, as well as the application of this process to new technologies which are currently immature. Further, the market for web application scanning is now relatively saturated. For these reasons, the focus of Secure Secure is on established technologies in the short term i.e. web and mobile, and newer spheres in the longer term i.e. the Internet of Things and connected devices, shall take the technology beyond the state of the art.
The impact from the project so far show the potential for Secure Secure's technology to reduce the cybersecurity risk for SMEs, reduce downtime caused by breaches, reduce the risks of reputation damage. With regard to implications for IoT/connected device services and products, the implications can be extensive, enabling manufacturers to extend the lifespan of many connected devices, reducing negative impact on the environment, increasing return on manufacturing capex and opex, and improve the value of goods and brand.
The impact from the project so far show the potential for Secure Secure's technology to reduce the cybersecurity risk for SMEs, reduce downtime caused by breaches, reduce the risks of reputation damage. With regard to implications for IoT/connected device services and products, the implications can be extensive, enabling manufacturers to extend the lifespan of many connected devices, reducing negative impact on the environment, increasing return on manufacturing capex and opex, and improve the value of goods and brand.