Cyberattacks in Joplin: Lessons for Every Business, Everywhere

Fear is a common tactic used by businesses to make sales. If you can convince someone their house is on fire, after all, selling them a water hose becomes a cinch.

Naturally, these tactics often exaggerate the truth; the “facts” are at least partly fabricated or manipulated. You might say, the house isn’t really on fire; someone just lit a candle.

• There are 600 million cyberattacks every single day, according to Microsoft
• The average corporate data breach costs $4.8 million, per IBM. For small and medium businesses, cyberattacks cost on average $255K.
• Fully 43% of cyberattacks target small businesses — yes, small business, not major corporations. In 2023, one-third of small businesses were attacked.

Despite the frequency and devastating cost of cyberattacks, it might shock you how many businesses don’t think it will or even can happen to them.

In our experience, far too often it takes an actual cyberattack to get folks to take cybersecurity seriously. Sadly, it’s sometimes too late. Some 60% of SMBs close within six months of a cyberattack, according to the National Cyber Security Alliance.

And since we’re an IT provider, let us say this (and genuinely mean it): Protect your business network – whether you use our services or not. Just protect your network – with professional-grade, airtight security measures. Just do it.  

As the Marine Corps teaches new recruits: There would be no thieves in the military if everyone just locked up their gear. 

Guess what? There would be no cyberattacks, or far far fewer, if every business took cybersecurity as seriously as they take locking the front door of their homes when they leave. 

The point: We’ll consider this article a success if you take action to protect your business IT systems.

Whether that’s with us or not. Let’s beat these hackers!
   

As scary as the facts are, the stories are even scarier.

Pick a city, any city, and there are plenty of cyberattack disaster stories to be told – and, as mentioned, there’s no need to exaggerate the facts.

We picked Joplin, Missouri — just one market we serve — to spotlight in this article. And, you bet, Joplin has had more than its fair share of attention from hackers.

The hard truth is, cyberattacks are all around us.

And never doubt this: there are more attacks than you and I realize. Why? Well, would you report to customers, media, etc. that your business was “hacked” if you didn’t have to? Most business owners wouldn’t; most businesses don’t. And only a fraction of organizations — think: government, schools — are required by law or necessity to report cyberattacks. 

In short, the headlines you see about cyberattacks, like those below about Joplin-based organizations, are just the tip of the iceberg. And the iceberg is big, for sure.

On to Joplin... 

Joplin City Government: A Shutdown and a $320K Payout

In July 2021, a vicious cyberattack brought the City of Joplin’s digital operations to a screeching halt. Servers, online public services, and even the internet-based phone systems went dark.

Think that caused some chaos?

The real gut punch came later: the attacker had accessed sensitive city data and threatened to release it unless paid a ransom. To prevent this exposure, the city approved a $320,000 payment to the attacker. The payout, covered by cyber insurance, was described as a last resort by city officials, who emphasized they had exhausted all other options.

"As we investigate the incident and bring our systems back online,” said spokesperson Lynn Onstot, “we will look for opportunities to further enhance our existing security measures."

Bottom line: Someone got in, locked systems down, and leveraged stolen information to extract hundreds of thousands of dollars.

City Hall eventually got back online, but the attack left a lasting mark.

Lots of money. 
Lots of work.
Lots of time. 
Lots of media coverage. 

One year later, KSN-16 News published a follow-up story. One Joplin City employee, Whitney Pachlhofer, confessed she was “probably more lax” prior to the security incident. The infiltration by a cybercriminal, and the fallout that followed, made her much more aware. “I’m always thinking about new passwords I can use now since we switch them up so often,” she said.  

As the KSN-16 reporter wrote, “Whitney Pachlhofer wasn’t trying to be risky, but says she knows so much more now.” 

That can probably be said of most Joplin City employees following the attack. And it can be said about practically all victims of a costly cyberattack…

That they “know so much more” after the attack.

Crowder College: $1.6 Million Demand, Five-Month Recovery

Just two years earlier, another cyberattack rocked the region — this time at Crowder College in nearby Neosho, Missouri.

In July 2019, the college’s entire digital infrastructure was hijacked by ransomware. The attackers demanded $1.6 million in exchange for decryption keys. Crowder refused to pay, but that decision did exact a cost.

Nearly every digital system on campus went down. Email? Offline. The website? Unreachable. Enrollment systems? Dead in the water — and it happened just weeks before students were set to register for fall classes.

“It did shut us completely down,” said Dr. Glenn Coltharp, president of Crowder College. 

With more than 4,500 students and hundreds of employees relying on those systems, the outage was debilitating. And to make matters worse, the malware had apparently been lurking undetected in Crowder’s network for months — maybe even a year — before it was triggered.

What followed was a long, painstaking recovery. It took about five months for the college to rebuild its systems from the ground up.

“I think we’ve made it through the tough times,” said Coltharp, “and now we’re seeing the light at the end of the tunnel.”

But the tough times were indeed tough. To which a great many cyberattack victims can attest.   

3 Quick Lessons: What We As Businesses Can Learn

Here are just three quick lessons for us businesses:

1.) Cyberattacks are very widespread – and no business is immune.

Small businesses are targeted for close to half of cyberattacks.

It can happen to you and your business.

If you don’t think it can, that’s a leading indicator that it probably will.   

2.) Proactive is so much better than reactive.

Here’s what Mark Morris, Joplin City IT Director, said one year after the attack on Joplin’s city government: “So instead of being reactive, we’re being proactive. And that’s, that’s the only way we can stay ahead of things.”

As the old-timers say, “An ounce of prevention is worth a pound of cure.”

And that has never been more true than when applied to protecting against cyberattack.

3.) We have the preventions; we just need to act.

No IT system is 100% safeguarded from cyberattack. But — and this is crucial — a system can be very nearly 100% safeguarded.

Cyberattacks are technology-driven. And so are the preventions. Fighting fire with fire. As Morris said following the Joplin City Government attack: “...the city is working to find technology to protect against future attacks.”

Emphasis on the word technology.

If you read over the news reports (as we did) from the Joplin cyberattacks, you’ll come across mentions like:

• Virus and malware protection
• Remote security operations center
• Security monitoring
• Password management
• Data backup
• Cloud services
• Outside IT partner

And these, along with others, are essential protections today.

Only, there’s the what and the how.

It’s one thing to buy software/hardware; it’s another thing to manage it. And if the how isn’t strong, the what hardly matters.

Which is why so many businesses partner with an outside IT services provider that specializes in cybersecurity. 

As we said earlier, we’d love to serve your cybersecurity and IT needs. We’ve been serving local businesses for almost two decades — with many longtime clients.

As one Joplin-area business owner, Dan Coenen of Don’s Cold Storage, said of his relationship with TekTrendz:

“I cannot tell you how many times we have had a problem…and TekTrendz has been there for us. As a matter of fact they have been there for us every time."  

But the more crucial thing is: Whether you use us or another IT provider, get protected! And make sure you use trusted, dependable, professional-grade services.

Otherwise, the cybercriminals will just keep winning.