The Small Business Administration is launching a new pilot program that could help you thwart a future cyberattack, but only if you are in one of three select yet unknown states.
The agency announced Jan. 21 that it plans to distribute $3 million in grants to state governments to help small businesses meet their cybersecurity needs. Prizes will range between $800,000 and $1 million each. While it remains to be seen exactly how and when these funds will be distributed, based on known details of the pilot program, only three states are likely to receive funding, at least initially.
“Through a targeted pilot program, the SBA will be able to identify key successes and develop deep relationships that can potentially be replicated in the future,” the agency said. Inc.
The pandemic has pushed small businesses to adopt technology at high rates so they can adapt and grow, Isabel Guzman, SBA Administrator said when announcing the pilot program. New attacks are evolving, with fraudsters targeting smaller businesses because they typically have fewer resources to devote to mitigating their risk. As cyber threats increase, they also become more expensive.
It’s unclear how far that initial $3 million will stretch, even for states that land one of the three SBA grants. “That’s woefully inadequate given the cybersecurity risks associated with the infrastructure,” says Brian A. Marks, executive director of the University of New Haven’s Entrepreneurship and Innovation program. While praising the idea of a grant program that helps small businesses address cybersecurity risks, Marks questions the effectiveness of such a small amount.
Outdated systems and technologies that operate critical infrastructure can have widespread repercussions if targeted by malicious actors. Parts of the East Coast experienced such disruption last year following the Colonial Pipeline ransomware attack, which led to gas shortages triggered by panic buying. The FBI’s Internet Crime Report shows that the costs associated with cybercrimes amounted to $2.7 billion in 2020.
But if the pilot program is successful, it’s possible more states will see similar funding efforts in the future, according to Randy Trzeciak, a professor at Carnegie Mellon University’s Heinz College. With continued efforts, small businesses across the country would surely benefit from the aid. Grant recipients are required to use program proceeds to provide or develop services for an entrepreneur audience, although they do not need to match government funds.
State governments, as well as Puerto Rico, Guam and other U.S. territories, are eligible to apply for the pilot program and have until March 3, 2022 to do so.
There are several options for using the money, but it must be spent on supporting resources that mitigate cybersecurity threats. “The funding is only for states to deploy assistance in the form of training, awareness, workshops, online tools [and] technical expertise,” says the SBA Inc. The agency adds that the pilot program “does not operate as a transfer or sub-grant model in which small business owners get grants, and states that receive funds are not asked to further distribute the funds to small enterprises”.
And even if your state doesn’t end up on the SBA’s shortlist, now is the time to improve your cyber-preparedness, says Theresa Payton, the former White House chief information officer for George W. Bush. . She suggests companies would benefit from building relationships with their local FBI InfraGard chapter.
“The FBI issues important, industry-specific bulletins and offers several collaborative opportunities for members,” says Payton. “These exchanges of information can help a small business understand the threat landscape facing its industry and begin to formulate a cybersecurity program to address the specific risks it faces.”
Strengthening cyber defenses is a start, but constant maintenance remains essential for businesses of all sizes.
For companies struggling to focus on their priorities, Payton suggests they take a page from the Department of Defense’s so-called “100 Coins” exercise. In this scenario, she explains that you are given a long list of priorities but only 100 coins to spend. “I would encourage [company leaders] start with the worst-case scenario to determine where the majority of their resources should be spent,” says Payton.