The White House recently announced a $1 billion cybersecurity grant program designed to help state and local governments improve their cyber defenses, particularly in protecting critical infrastructure. The latest executive order stems from the $1.2 trillion infrastructure bill that was signed almost a year ago. That bill allocated $1 billion to protect critical infrastructure against cyberattacks after a series of high-profile ransomware attacks, like the one that took down the Colonial Pipeline.
Those government agencies wishing to take advantage of these funding opportunities must submit a grant proposal by mid-November. Proposals are accepted only for sixty days after the announcement of the program.
Grantees can use the funds to invest in new cybersecurity initiatives or make improvements to existing defenses. Winners are guaranteed to receive a minimum of $2 million. However, program requirements stipulate that 80% of funding must be invested in local or rural communities. In addition, recipients are required to distribute at least 3% of the funds received to tribal governments.
Although companies in the private sector are not eligible for these grants, the private sector is likely to see an indirect benefit. The fact that governments are placing an increased focus on cyber security will certainly help IT security teams because of the attention it will bring to the seriousness of dealing with cyber security threats.
This national attention, in turn, should make it easier for IT security teams to approve their budgets.
Securing your IT security budgets for 2023
Obtaining funding for IT initiatives can be complicated even under the best of circumstances. The current economic recession would typically make it impossible for IT security teams to get funding for new security initiatives, barring some sort of disaster. However, the emphasis that the federal government is currently placing on cybersecurity could give IT professionals the opportunity they need to have an honest discussion about security within their organization, which could ultimately lead to funding for security projects. safety.
Here are six basic steps IT professionals can use to improve their chances of getting the funding they need:
Step one: Outline the problem
The first step involves demonstrating to higher-ups that your project is intended to protect against a credible threat. The latest headlines can help provide the proof you need and let you know that if the government is taking cyber security threats seriously, then your organization should too. Additionally, if the government is ramping up its cyber defenses, then attackers may tend to move to softer targets, such as businesses that still rely on legacy security tools.
Step two: Test your thinking
This leads to the second step described in the article, which is to use data to your advantage. This might mean citing recent cybercrime statistics or using available security tools to gather statistics from your organization highlighting the problem you’re trying to solve.
Step Three: Present a solution
Next, you’ll want to outline what your proposed solution would do. It’s one thing to show that a security problem is real, but you also need to be prepared to explain how the intended solution will fix the problem.
Step four: Set the date
Step 4 is about creating an implementation plan. Those tasked with managing an organization’s finances are almost always concerned about return on investment. In other words, how long will it take for a newly purchased product to provide a sufficient benefit to offset its cost. You must demonstrate that the cost of your proposed solution is justified and that it will be implemented and provide a return on investment in a reasonable amount of time. This also holds your entire stakeholder team accountable to the agreed time frame.
Step Five: Show them the money
In this approval process, you will need to demonstrate estimated savings to the company. Yes, your new security tool can protect an organization from catastrophic financial losses due to a ransomware attack or a regulatory breach, but it’s important to show the savings in other ways as well. For example, will adopting a new tool reduce the amount of overtime the IT department works?
Step Six: Bring in the research
Finally, you’ll want to show that you’ve looked at competing solutions and prepared a price comparison. It’s okay if your proposed solution isn’t the cheapest option. Just make sure you can justify why you’re not recommending the least expensive option.
Prove the need for an IT Security Budget with data
Of course, before you start looking for funding for an enhanced cybersecurity defense, you need to demonstrate how your organization could be at risk from a cyber attack. Since many such attacks target Active Directory, you can start your data collection efforts by using Specops Password Auditor to scan your Active Directory for password weaknesses.
This free, read-only tool can help you discover passwords that don’t adhere to your password policy or compliance requirements or industry best practices. More importantly, you can find out which users are using passwords that are known to have been cracked from a database of over 875 millionmaking those accounts vulnerable because their passwords are available for purchase on the dark web.
Specops Password Auditor is just one of countless free security tools that are available online, but it’s a great place to start because it does a good job of uncovering the real security vulnerabilities that currently exist within your organization.
Get a leg up on IT security funding in 2023 and try Specops Active Directory Password Auditor today.
