Cybersecurity’s New Business Case: Fraud
The article notes that government cybersecurity leaders are facing budget cuts and resource shortages, and calls for adjusting how cybersecurity is communicated in order to address the growing problem of online financial fraud. The author recommends focusing more on topics such as financial fraud, AI-generated scams and citizen trust, and adopting AI solutions to strengthen identity management and data security. It also stresses that CISOs need to push measures such as payment verification and identity analytics to counter these threats, and urges leaders to act to resolve the resource crunch. 2026-1-25 10:41:0 Author: securityboulevard.com

Lohrmann on Cybersecurity

Government security leaders are struggling. Cyber investments are lagging. Resources are being cut. The problem is getting worse. Let’s explore solutions.

January 25, 2026 • Dan Lohrmann


Attention all government CISOs (and yes, CTOs, CIOs, CFOs, COOs and even a few corporate CEOs can listen in): It’s time to adjust our cyber lingo — again.

Specifically, start talking (more) about financial fraud, AI-generated scams, citizen trust, due diligence, (your government’s) reputation, protecting identities, cyber crime, data integrity and AI solutions to all of the above.

Stop talking as much about hacking, zero-day exploits, critical network vulnerabilities, next-generation firewalls and other technical security jargon. (OK, a little talk with internal SOC staff may be an exception.)    

But why?

Across the country, numerous state and local government security leaders are facing budget cuts, staffing shortages, hiring freezes, fewer grants and oftentimes an inability to make a compelling case for new (or ongoing) cybersecurity investments that are needed now.

As many state and local governments struggle with budget shortfalls and staffing challenges, the bad actors are ramping up online fraud schemes that take advantage of identity management flaws in government systems, stolen credentials, a lack of technology systems oversight, network vulnerabilities, phishing campaigns and other weaknesses that traditionally are under the auspices of cybersecurity (or cyber defense) teams.

THE AI-GENERATED FRAUD PROBLEM

Meanwhile, national headlines, local news stories and even holiday dinner conversations highlight the urgent, emerging problems of online financial fraud, ranging from social engineering attacks against individuals to sophisticated money scams hitting seniors to state and local government services fraud schemes.

According to GAO.gov, there was over $300 billion in fraudulent payments within pandemic-relief programs: “We estimated fraud for unemployment insurance programs between $100-135 billion from April 2020 through May 2023. The Small Business Administration’s (SBA) Office of Inspector General reported about $200 billion in potentially fraudulent pandemic-relief loans under the Paycheck Protection Program and the COVID-19 Economic Injury Disaster Loan program.”

At the same time, recently released Federal Trade Commission data show that consumers reported losing more than $12.5 billion to fraud in 2024, which represents a 25 percent increase over the prior year.

You can read details on this strategy and other tips on getting management buy-in on cyber projects in this blog.

Third, in support of the first two items, examine the details in this Microsoft Digital Defense Report for 2025, which has sections on fraud, scams and other relevant topics, along with an extensive look at identity management, which is the source of many issues.

“CISOs must implement controls that assume the trust layer is compromised. This means prioritizing controls that fight identity fraud:

  • Payment verification: Mandate out-of-band verification (e.g., a voice or video call on a separate, verified line) for all large financial transactions, no matter the internal source.
  • Identity analytics: Deploy User and Entity Behavior Analytics (UEBA) to flag anomalous activity. The person who always uses Slack for approvals and suddenly switches to email for a $500,000 transfer should be immediately flagged.
  • Endpoint integrity: Ensure your Mobile Threat Defense (MTD) strategy protects against credential harvesting and session hijacking that facilitate identity takeover.”
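
The first two controls in the quoted list can be expressed as a single hold rule. The sketch below is an added example, not code from the article or the Microsoft report; the thresholds, field names and sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Assumed policy values for this sketch; the article gives no thresholds.
LARGE_TRANSFER_USD = 100_000   # cut-off for a "large" transaction (assumption)
MIN_HISTORY = 5                # approvals needed before a baseline is trusted
RARE_CHANNEL_SHARE = 0.10      # channel seen in <10% of past approvals is anomalous

def review_approvals(events):
    """Return (event, reasons) for each approval that should be held.

    events: dicts with user, channel, amount_usd, oob_verified, in time order.
    """
    history = defaultdict(Counter)   # user -> channel -> count of clean approvals
    held = []
    for ev in events:
        reasons = []
        seen = history[ev["user"]]
        total = sum(seen.values())
        large = ev["amount_usd"] >= LARGE_TRANSFER_USD
        # Payment verification: large transfers need out-of-band confirmation,
        # no matter the internal source.
        if large and not ev["oob_verified"]:
            reasons.append("large transfer without out-of-band verification")
        # Identity analytics: approval arrives over a channel this user rarely uses.
        if total >= MIN_HISTORY and seen[ev["channel"]] / total < RARE_CHANNEL_SHARE:
            reasons.append(f"unusual channel '{ev['channel']}' for {ev['user']}")
        elif total < MIN_HISTORY and large:
            reasons.append("no behavioral baseline for approver")
        if reasons:
            held.append((ev, reasons))
        else:
            seen[ev["channel"]] += 1   # only clean approvals feed the baseline
    return held

# Constructed sample data: six routine Slack approvals, then the email request.
SAMPLE = [
    {"user": "cfo", "channel": "slack", "amount_usd": 4_000 + i * 500, "oob_verified": False}
    for i in range(6)
] + [
    {"user": "cfo", "channel": "email", "amount_usd": 500_000, "oob_verified": False},
    {"user": "cfo", "channel": "slack", "amount_usd": 250_000, "oob_verified": True},
]

if __name__ == "__main__":
    for ev, reasons in review_approvals(SAMPLE):
        print(ev["user"], ev["channel"], ev["amount_usd"], "->", "; ".join(reasons))
```

Held events are kept out of the baseline, so a fraudulent request that was blocked cannot make the same channel look normal on the next attempt.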

And last (for now): Re-examine who you are talking to in government about these issues. Beyond auditors and others mentioned, ensure that AI solutions are addressing these real business needs. What AI and cyber solutions are you deploying in your government to stop online fraud and save millions?

FINAL THOUGHTS

Some of you are no doubt wondering, why now? Is this the right time? Beyond the “take lemons and make lemonade” argument, there is another reason I wrote this blog at the end of January 2026.

I just got off the phone with another government CISO who is struggling with major resource issues. This is the fourth public-sector CISO I’ve heard from already this month who feels paralyzed with the same struggles. These pros are struggling to get executive attention, resources and action.

One more thing: I am trying my best to stay out of any political aspects related to the national fraud stories. I know both Democrats and Republicans want to fight financial fraud and ensure that our government systems work in the best, most efficient way possible.

But it is clear to me that security leaders need to be leading solutions to the AI-generated fraud narrative, and waiting is not a viable option.

No doubt, there are aspects of financial fraud that are outside the domain of CISOs and security leaders, such as the prosecution of criminals by law enforcement.

But make sure you are part of the effort to fight online financial fraud in your government. Your team will be glad you did.


Dan Lohrmann

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.



Article source: https://securityboulevard.com/2026/01/cybersecuritys-new-business-case-fraud/