UNLV has received more than $3 million through a series of grants to help small businesses fend off cyberattacks, which are often unable to afford cybersecurity consulting but can struggle to absorb the financial fallout of a cyberattack

The grants will go toward the university’s Free Cyber Clinic, which trains students for cybersecurity careers and provides free consulting to local small businesses. The funds, which are set to be distributed over the next few years, include $2 million from the National Security Agency, $650,000 from the Small Business Administration and $500,000 from Google.

Wednesday’s announcement comes as cybersecurity threats are on the rise internationally, particularly in the U.S. A cyberattack can cost anywhere from tens of thousands to millions of dollars in lost revenue, may lead to ransom payments and can shutter a business’ operations. 

In the past two months, MGM Resorts International, Caesars Entertainment and the Clark County School District have been the victims of cyberattacks. MGM lost an estimated $100 million as a result of the attack, which affected business operations, including gaming floors and guest services, in eight states. An undisclosed number of customers also had their personal information stolen.

While no business is safe from a cyberattack, small businesses are considered the most vulnerable because they often lack the infrastructure to bolster their protections from the attacks, said clinic director Yoohwan Kim. The free consulting that UNLV provides — in partnership with the Nevada Small Business Development Center — is something that small businesses could otherwise not afford.

“Small companies don't have much revenue. They don't have IT staff, they don't have any cybersecurity personnel. So if they get attacked, they don't know what to do,” Kim said.

UNLV has helped more than a dozen small businesses with their digital security.

However, as hackers become more advanced, industry experts have cautioned there’s only so much a business can do to stave off attacks.

“Anybody is vulnerable,” Gus Fritschie, senior vice president of Bulletproof, a cybersecurity firm, said at a webinar earlier this month. “What makes this problem so difficult to solve is you can do all the right things. It’s going to users that are the weakest link.”

Many ways for companies to increase their security are “simple practices,” Kim said, such as employee training on phishing emails and multifactor authentication.

As companies bolster their cybersecurity protection, hackers are increasingly trying to take advantage of individual employees, Kim said.

“You could have 99 percent of your staff well prepared to handle a phishing expedition or some hack that comes into their inbox,” said Stephen Miller, an economics researcher at UNLV. “You just need one person that's not thinking or is fearless and clicks on something, opens it up, gives the hacker access to the whole system.” 

The revenue lost from a cyberattack could be enough to shutter a small business, Kim said. An international cybersecurity study found 47 percent of U.S. businesses suffered a cyberattack in 2022, up 7 percent from the year before. Forty percent of those businesses lost at least $25,000 as a result of the attack.

The rise in attacks comes as the cybersecurity workforce is understaffed. There are more than 570,000 open cybersecurity jobs nationwide, including more than 5,500 in Nevada, according to Cyberseek, an online platform that tracks the cybersecurity workforce.

In August, the White House unveiled a plan to revamp the national cybersecurity workforce. The effort focuses on reducing barriers to entering the industry by shifting to a skills-based workforce and increasing the sector’s diversity. 

At a cybersecurity summit at UNLV in August, officials announced new ways for students to gain professional experience in cybersecurity and efforts to bolster cybersecurity education.