The increasing frequency of fraud and cybercrimes poses substantial risks for government entities at the local, state, and federal level. In the first half of 2024, at least 50 local governments in the U.S. suffered ransomware attacksDisclosure 1, disrupting operations and exposing them to financial loss. FBI data shows that government facilities were the third largest ransomware target in 2023, surpassed only by businesses in the manufacturing and healthcare industries.Disclosure 2 Additionally, a 2024 Blackberry study found that government ranked third among critical infrastructure sectors as a target of unique malware hashes.Disclosure 3

Understanding the vulnerabilities of government entities and the threats they face creates the foundation for a proactive cybercrime prevention and response strategy. 

Inviting targets for fraud and cyberattack

The vast amounts of data that most governments collect and store attracts cybercriminals. Stolen social security numbers, tax information, and payment data give hackers everything they need to perpetrate identity theft and financial fraud.

Governments manage essential services such as power grids, airports, and water treatment plants—functions that entice attackers, including some state-sponsored actors who seek to disrupt critical infrastructure and sow chaos.

As if that wasn’t tempting enough, government entities often process large volumes of financial transactions. Despite a strong focus on safeguarding public resources and taxpayer funds, these organizations frequently rely on outdated technology and lack cybersecurity budgets to adequately meet the current threat level. 

Recent government cyber attacks

Ransomware attack on Henry County, Illinois Disclosure 4

  • In March 2024, hackers blocked access to multiple systems, forcing county officials to shut them down until they could be restored.
  • The Medusa ransomware gang took credit for the attack and demanded that a $500,000 ransom be paid within eight days (reports don’t indicate whether ransom was paid).

Ransomware attack on Muscatine Power and Water in eastern Iowa Disclosure 5

  • In January 2024, nearly 37,000 people had their Social Security numbers and customer proprietary network information (CPNI) accessed.
  • Internet services and business systems were disabled.
  • No ransomware criminals have taken responsibility for the incident.

Business email compromise (BEC) attack on the town of Arlington, Massachusetts Disclosure 6

  • Between September 2023 and January 2024, cyber criminals impersonated a vendor with a fake email domain that appeared legitimate.
  • Posing as the vendor, the criminals deceived city employees into changing the payment method to the vendor from check to electronic funds transfer.
  • Over $445,000 in funds intended for the vendor were wired to the cyber criminals before the scam was discovered. 

Rising fraud threats

Cybercriminals routinely train their sights on high-value targets. That’s unsurprising, given the relatively weak defenses of many government entities. While malware and sophisticated computer crimes are increasingly common, tried-and-true fraud methods prevail.

Check fraud remains the most common type of financial crime.Disclosure 7 The high number of checks that governments issue and accept serves as an invitation to fraudsters and provides a ready supply for the recent resurgence of check washing.Disclosure 8

As more and more payments move into the digital realm, ACH fraud is becoming increasingly common. Criminals can make changes to approved ACH payment instructions so they can redirect government funds to their own accounts.

Trending cyber threats

Hackers employ a wide array of cyber threats against government entities and agencies, the most common being business email compromise (BEC). A common BEC tactic is to impersonate an outside vendor or a senior leader in the agency, such as an agency head or government entity manager, to trick accounting and finance personnel into redirecting payments or providing sensitive data. These attacks can be made directly on a government entity’s email system or through compromised third-party vendors.

Third-party vendors with inadequate security protocols pose a significant cyber risk to government entities. Carefully manage and monitor your vendors to ensure they adhere to strict cybersecurity standards.

Phishing represents another common method of attack. Aimed at a broader audience, it involves sending a large volume of emails that appear to come from trusted sources. When recipients click on links or download attachments, they may unwittingly install malware on their device or arrive at a phony website the hackers set up to obtain login credentials.

Ransomware attacks have also become more frequent. After infiltrating a network, hackers lock down critical data or systems and demand a ransom for their release. This violation can create major disruptions to government operations and potentially lead to the loss of sensitive information.

Ransomware attacks can precipitate a data breach if the hackers decide to release or sell stolen information. At times, a data breach may be the criminals’ primary goal as they hack into systems specifically to steal information about taxpayers or government employees. A data breach often has a financial impact and causes operational disruption, but consequences may include reputational damage and potential legal ramifications as well.

Though not as common as ransomware or BEC, denial-of-service (DoS) attacks represent another cyber-hazard for governments. Criminals try to overload computer systems to limit access and disrupt or curtail operations for users. Motivations vary—attackers may be looking for financial gain, seeking to settle a personal score, or trying to cause as much chaos as possible.

Adopting defensive strategies

Educate and train employees. This is the most powerful tool leaders can use to shore up defenses. Regularly train every employee to recognize and respond to red flags, including:

  • Changes to wire instructions
  • Impersonation of parties involved in transactions
  • Communications—emails, phone calls, or texts—that exhibit potential risk signs and arouse suspicion by:

o   Demanding immediate action (e.g., transferring funds)

o   Asking for sensitive information

o   Occurring outside of regular business hours

o   Containing spelling or grammatical errors

Teach all staff to handle suspicious requests by verifying changes to instructions before acting on them. Make sure employees use only authenticated phone numbers and contacts to confirm changes and requests that arrive via email, text, or phone call.

Strengthen financial oversight. Set up processes and controls to safeguard finances and tighten your financial controls: 

  • Conduct regular audits and account reconciliations.
  • Fight check fraud with control systems like payee positive pay, reverse positive pay, and controlled payment reconciliation.
  • Schedule periodic, independent reviews of financial records.
  • Segregate financial duties to prevent any one person from having unchecked control over financial transactions.
  • Control and monitor who has access to bank accounts and credit cards.
  • Perform multiple reviews of each invoice.

Replace fraud-prone checks. Choose safer, electronic forms of payment like commercial credit cards, ACH, and Real Time Payments (RTP®) when possible.

Consider moving to an integrated payables platform. These streamlined payment processes allow governments to send all vendor payments to the bank in a single electronic file. Their bank then distributes these payments based on predefined criteria that identify risk-prone transactions.

Institute ACH best practices. Ensure that accounts payable staff consistently:

  • Verify authenticity and ownership of bank routing and account numbers.
  • Separate ACH file processing from file creation and maintenance.
  • Restrict access to payment data forms and records.
  • Use ACH Fraud Control to set parameters for allowed transactions and receive daily activity reports.
  • Perform daily reconciliation on ACH debit accounts.

Segregate accounts. Designate specific accounts for use with specific transactions, and block wire and ACH activity on accounts not designated for those purposes.

Establish stronger cybersecurity controls. As governments continue to pursue digitization, cybersecurity is a critical component of their overall risk management strategy. Limit your vulnerability by adopting these cybersecurity best practices:

  • Keep technology systems, devices, and software updated with the most current security protections. Update and patch immediately—don’t wait.
  • Back up data regularly.
  • Limit access to devices and sensitive data to authorized individuals.
  • Use single sign-on (SSO) systems.
  • Require strong passwords and two-factor authentication.
  • Invest in cyber insurance.
  • Establish a cyberattack response plan.

Establish a game plan.

Even with a strong defense, cyberattacks happen. For a quick and effective response, it’s crucial for governments to create a plan before an attack.

1.      Form a cross-functional incident response team, with both internal and external members, to develop and maintain a comprehensive response plan:

  • Internal team members should include representatives from IT, security, and senior leadership.
  • External members could include a cyber incident response firm, data forensics experts, data privacy legal counsel, and your cyber insurance broker.
  • Public relations professionals should be an integral part of your response team to help plan and execute incident-related, internal, and external communications.

2.      Make your plan available offline. A cyberattack may lock you out of your systems.

3.      Test the incident response plan periodically, under various scenarios. Conduct cyber-attack drills that provide team members an opportunity to practice their response steps, identify potential problems, and become familiar with how the response unfolds. This kind of “dry run” can reduce stress levels and improve the speed and performance of implementing your plan when an incident occurs. Responding on the fly often results in higher incident costs, excessive legal liability, and added reputational harm.

4.      Revisit and update your plan regularly to reflect emerging, real-world threats and evolving industry best practices, as well as changes within the organization. Replace team members who are no longer available due to attrition, location, or role changes.

Finding support to safeguard what matters

Fraud and cybercrimes pose a greater threat today than ever before. Talk to your Truist relationship manager for strategies and support to keep your government entity secure. 

Purple PaperSM

Digital Transformation

Learn how you can put advanced technology to work for your business.

Related resources

    {0}
    {6}
    {7}
    {8}
    {9}
    {12}
    {10}
    {11}

    {3}

    {1}
    {2}
    {7}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}

    Stay informed and get connected

    Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

    Connect with a Relationship Manager

    Work with a partner who sees your vision and has the resources to help you achieve it. We’re ready to focus on the specific needs of your company—and where you are in your business lifecycle.

    *This form is for prospects. Truist clients should contact their relationship manager with inquiries related to commercial products and services.

    Helpful links



    Sign up for monthly articles on Business Insights

    Sign up to receive our business insights, thought leadership, and client success stories that can help inspire your next bold business move.

    Please enter a first name
    Please enter a last name
    Please enter a valid email address
    Please enter a company name
    I'm also interested in: Please select a campaign option