The Small Business Administration is launching a pilot program that could help you thwart a future cyber attack, but only if you're located in one of three select as-yet unknown states.
The agency announced on January 21 that it plans to dole out $3 million in grants for state governments to help small businesses with their cybersecurity needs. The awards will range between $800,000 and $1 million each. Though it remains to be seen how and when exactly these funds will be dispersed, based on the known details of the pilot program, just three states are likely to receive any funding--at least at the outset.
"Through a targeted pilot program, the SBA will be able to identify key successes and develop deep relationships that can potentially be replicated down the road," the agency tells Inc.
The pandemic prodded small businesses to pick up technology at high rates so they could adapt and grow, SBA administrator Isabel Guzman said during the pilot program's announcement. New attacks are evolving, with fraudsters targeting small businesses since they tend to have fewer resources to put toward mitigating their risk. As cyber threats rise, they're also growing more expensive.
It's unclear how far that initial $3 million will stretch, even for the states that land one of the SBA's three grants. "It's woefully inadequate given the cybersecurity risks associated with infrastructure," says Brian A. Marks, the executive director of the Entrepreneurship and Innovation Program at the University of New Haven. While lauding the idea of a grant program that helps small businesses counter cybersecurity risk, Marks questions the efficacy of such a small dollar amount.
Outdated systems and technology that operate critical infrastructure can have widespread repercussions if targeted by bad actors. Parts of the East Coast saw such a disruption last year following the Colonial Pipeline ransomware attack, which led to gas shortages spurred by panic buying. The FBI's Internet Crime Report shows that costs associated with cyber crimes amounted to $2.7 billion in 2020.
But if the pilot program is successful, there is potential that more states could see similar funding efforts in the future, according to Randy Trzeciak, a professor at Carnegie Mellon University's Heinz College. With continued efforts, small businesses across the country would surely benefit from the assistance. Grant recipients are required to use the proceeds from the program to provide or expand services for entrepreneurial audiences, though they do not need to match government funds.
State governments--along with Puerto Rico, Guam, and other U.S. territories--are eligible to apply for the pilot program and have until March 3, 2022, to do so.
There are several options for how the money can be used, but it must be spent to support resources that mitigate against cybersecurity threats. "The funding is solely for states to deploy assistance in the form of training, outreach, workshops, online tools [and] technical expertise," the SBA tells Inc. The agency adds that the pilot program "does not operate as a pass-through or sub-granting model whereby small-business owners get grants, nor are states that receive funding asked to further distribute the funds to small businesses."
And even if your state doesn't wind up on the SBA's short list, the time is now to amp up your cyber readiness, says Theresa Payton, the former White House chief information officer for George W. Bush. She suggests that businesses would benefit from creating relationships with their local FBI InfraGard chapter.
"The FBI disseminates important, industry-specific bulletins and offers several collaboration opportunities for members," Payton explains. "These information exchanges can help a small business understand the threat landscape facing their industry and begin to formulate a cybersecurity program to address the specific risks to them."
Fortifying cyber defenses is a start, but constant maintenance remains key for businesses of any size.
For businesses struggling on where to prioritize their focus, Payton suggests that they take a page from the Department of Defense's so-called "100 Coins" exercise. In this scenario, she explains that you're given an extensive list of priorities but only 100 coins to spend. "I would encourage [company leaders] to start with the worst-case scenario to determine where the majority of their resources should be spent," Payton says.