The White House recently announced a billion-dollar cybersecurity grant program designed to help state and local governments improve their cyber defenses, particularly as they relate to critical infrastructure protection. The recent executive order stems from the $1.2 trillion infrastructure bill that was signed into law nearly a year ago. This bill allocated $1 billion to protect critical infrastructure from cyberattacks following a series of high-profile ransomware attacks such as the one that took down the Colonial Pipeline.
Government agencies interested in taking advantage of these funding opportunities must submit a grant proposal by mid-November. Proposals are only accepted for sixty days following the announcement of the program.
Grant recipients can use the funding to invest in new cybersecurity initiatives or to make improvements to existing defenses. Winners are guaranteed to receive a minimum of $2 million. However, program requirements state that 80% of funding must be invested in local or rural communities. Additionally, recipients are required to distribute at least 3% of funds received to tribal governments.
Although private sector companies are not eligible for these grants, the private sector will likely benefit indirectly. The fact that governments are paying increased attention to cybersecurity will surely help IT security teams because of the attention it will bring to the seriousness of countering cybersecurity threats.
This national attention, in turn, should make it easier for IT security teams to get their budgets approved.
Securing your own IT security budgets for 2023
Securing funding for IT initiatives can be tricky, even under the best of circumstances. The current economic downturn would normally make it impossible for IT security teams to secure funding for new security initiatives unless some sort of disaster strikes. However, the federal government’s current emphasis on cybersecurity may give IT professionals the opportunity they need to have a candid discussion about security within their organization, which could ultimately lead to finance security projects.
Here are six basic steps IT professionals can take to improve their chances of receiving the funding they need:
First step: describe the problem
The first step is to demonstrate to superiors that your project is intended to protect against a credible threat. Recent headlines can help provide the evidence you need and give you the opportunity to make the case that if the government takes cybersecurity threats seriously, your organization should too. Additionally, if the government strengthens its cyber defenses, attackers may be inclined to move on to easier targets, such as companies that still rely on legacy security tools.
Second step: prove your point of view
This leads to the second step described in the article, which is to use the data to your advantage. This may mean quoting recent cybercrime statistics or using available security tools to collect statistics from your own organization, highlighting the problem you are trying to solve.
Third step: present a solution
Next, you’ll want to highlight what your proposed solution would do. It’s one thing to demonstrate that a security issue is real, but you also need to be prepared to explain how the solution you’re considering will solve the problem.
Fourth step: set the date
Step 4 is to create an implementation schedule. Those charged with managing an organization’s finances are almost always concerned with return on investment. In other words, how long will it take for a newly acquired product to provide enough benefits to outweigh its cost. You must demonstrate that the cost of the solution you are proposing is justified and that it will be implemented and provide a return on investment within a reasonable time frame. It also allows your entire team of stakeholders to meet agreed deadlines.
Step Five: Show Them the Money
In this approval process, you will need to demonstrate the estimated savings to the business. Yes, your new security tool can protect an organization from catastrophic financial loss due to a ransomware attack or regulatory violation, but it’s also important to show savings in other ways. For example, will adopting a new tool reduce the amount of overtime worked by the IT department?
Step Six: Bring in the research
Finally, you’ll want to show that you’ve looked at competing solutions and prepared a price comparison. It’s okay if the solution you offer isn’t the cheapest option. Just make sure you can justify why you’re not recommending the cheaper option.
Prove the need for an IT security budget with data
Of course, before you even start looking for funding for an enhanced cybersecurity defense, you need to show how your organization could potentially be exposed to a cyberattack. Since many such attacks target Active Directory, you can start your data collection efforts by using Specops Password Auditor to scan your Active Directory for password vulnerabilities.
This free, read-only tool can help you detect passwords that violate your password policy or compliance requirements or industry best practices. More importantly, you can find out which users are using passwords that are known to have been leaked. from a database of over 875 millionmaking these accounts vulnerable because their passwords are available for purchase on the dark web.
Specops Password Auditor is just one of the countless free security tools available online, but it’s a good place to start because it’s good at detecting real security vulnerabilities that currently exist within your own organization.
Get a head start on IT security funding in 2023 and test Specops Password Auditor in your Active Directory today.