Welcome to the seventh edition of the CyberCapsule. In this edition, we highlight i) several reports detailing the frequency of phishing attacks and data breaches; ii) new government-backed programs aimed at enhancing the cybersecurity of entities in K-12 education, healthcare, utilities, and other sectors; and iii) as always, provide a peek into the threat actor world.

AS THE WORLD TURNS

The Fish Are Biting. On October 30, 2023, SlashNext published its State of Phishing Report. The report revealed, among other things, a 1265% surge in malicious phishing attacks since the launch of ChatGPT.

This Makes Me Sick. On November 3, 2023, the HHS reported that over 88 million individuals have been impacted by breaches in 2023 alone.

Buyer Beware. On November 16, 2023, Check Point Research disclosed research about a pattern of threat actors using luxury brands to lure victims into clicking on malicious links.

HELPING HANDS

The FCC Turns Tutor. On November 14, 2023, the FCC created a pilot program that would allow officials to collect data about the cybersecurity services that would best help K-12 schools and libraries defend against cyberattacks.

A Healthy How To. On November 17, 2023, CISA published "The Mitigation Guide: Healthcare and Public Health," which offers recommendations and best practices to combat cyber threats affecting the healthcare and public health sector.

CISA Is Your Co-Pilot. On November 20, 2023, CISA announced a voluntary pilot program aimed to assist entities in the healthcare, water, and K-12 education sectors with cybersecurity services.

Dept of Energy Giving A Boost. On November 20, 2023, the US Department of Energy announced a $70 million funding opportunity to improve the cybersecurity of electric cooperative, small investor-owned, and municipal utilities.

In The Navy. On November 21, 2023, the US Navy published its Cyber Strategy that discusses secure critical infrastructure and weapon systems; ways to improve and support the cyber workforce; how to conduct and facilitate cyber operations and defend enterprise IT, and ways to foster cooperation and collaboration.

DID YOU HEAR?

DHS Adopts Its Own Cyber Readiness Requirement. On November 1, 2023, DHS published the details of a new "cybersecurity readiness evaluation factor" to determine if contractors have appropriate cyber protections in place before contracting with them.

CCPA - It's Not Just for Privacy. On November 8, 2023, the CCPA issued its updated draft cybersecurity audit regulations for discussion during the December 8, 2023 meeting.

I Need an IRP, STAT! On November 13, 2023, New York State proposed new cybersecurity program and incident reporting requirements for hospitals. The proposed provisions would require hospitals to create and maintain a cybersecurity program to address risks and protect information from unauthorized access.

Hey, Alexa, Get Me Cyber Insurance. On November 29, 2023, Amazon Web Services launched a program that allows its customers to share information about controls and vulnerabilities from the Security Hub portal with brokers.

DON'T FORGET

NYDFS Strengthens Cyber Requirements. On November 1, 2023, the New York State Department of Financial Services' amended cybersecurity requirements for financial services companies took effect.

