In this study, mission critical work refers to tasks, systems or processes within an organization that are essential for its operations and survival. If they fail or are disrupted, the entire operations could be significantly impacted or even brought to a complete halt. It is the most critical work that must be done without interruption to maintain functionality. The difference between mission critical and business critical systems is that mission critical is vital to the core mission or primary functions of the organization. Business critical systems are crucial to business operations and support the organizations’ core processes.

In addition to the impact on the sustainability of organizations, mission-critical failures and disruptions can have a ripple effect with significant economic consequences for government and industry sectors. This is particularly the case when failures and disruptions involve critical infrastructure, which encompasses systems and assets essential for the functioning of a society and its economy. These failures can disrupt supply chains, impact business productivity, and lead to economic losses.

To reduce disruptions and failures, organizations need to assess their ability to manage the risks to tasks, systems and/or processes as well as to protect and secure sensitive and confidential data in mission critical workflows.  However, as shown in this research, confidence in understanding the risk, security and privacy vulnerabilities in mission-critical workflows is low.

Respondents were asked to rate their confidence in the privacy and security and their ability to understand the risk profile of their organization’s mission-critical workflows on a scale of 1 = no confidence to 10 = highly confident. Only 47 percent of respondents say they are very or highly confident in understanding the risk profile of mission-critical workflows. Slightly more than half of respondents (52 percent) are very or highly confident in the privacy and security of mission-critical workflows.

The importance of optimizing mission-critical workflows

In the past 12 months, 64 percent of organizations report they experienced an average of 6 disruptions or failures in executing mission-critical workflows. Respondents say cyberattacks are the number one reason mission critical failures and disruptions occur. To prevent these incidents, 61 percent of organizations in this research believe a strong security posture is critical.

The disruption or failure of mission-critical workflows can result in the loss of high-value information assets. This is followed by data center downtime, which not only prevents mission critical work from being completed but can have severe financial consequences. Sixty-three percent of respondents say the number one metric used to measure the cost of a disruption or failure is the cost of downtime of critical operations. According to a study conducted by Ponemon Institute in 2020, the average cost of one data center downtime was approximately $1 million. Forty-six percent of respondents say that the organizations’ survivability was affected because of a complete halt to operations.

A strong security posture and knowledgeable mission-critical staff are the most important factors to prevent mission-critical disruption and failures. Organizations need to secure mission-critical workflows to avoid disruptions or failures (61 percent of respondents) supported by a knowledgeable mission-critical staff (57 percent of respondents). Also important is an enterprise-wide incident response plan (51 percent of respondents).

Few organizations have risk mitigation strategies in place as part of their mission-critical collaboration tools. According to 47 percent of respondents, their organizations use mission-critical collaboration tools. However, only 39 percent of respondents have risk mitigation strategies in place. Of these respondents, 59 percent of respondents say they have backup procedures to prevent data loss, 54 percent of respondents say they have contingency plans to handle unexpected events.

Cyberattacks and system glitches were the primary causes of the disruption or failure. To reduce the likelihood of a disruption or failure, organizations need to ensure the security of their mission-critical workflows. Fifty percent of respondents cite cyberattacks as the cause of disruption or failure followed by 49 percent who say it was a system glitch. Sixty-one percent say a strong security posture is the most important step to preventing disruptions and failures.

Measuring the financial consequences of a disruption or failure can help organizations prioritize the resources needed to secure mission-critical workflows. Fifty-three percent of respondents say their organizations measured the cost of the disruption or failure in executing mission-critical workflows. The metrics most often used are the cost of downtime of critical operations (63 percent of respondents), which is the number two consequence of a disruption or failure. Other metrics are the cost to recover the organization’s reputation (51 percent of respondents) and the cost to detect, identify and remediate the incident (50 percent of respondents).

Organizations should consider increasing the role of IT and IT security functions in assessing cyber risks that threaten workflow’s reliability. Despite the threat of a cyberattack targeting mission-critical workflows, only 16 percent of respondents say the CISO and only 10 percent of respondents say the CIO are most responsible for executing mission-critical workflows securely. The function most responsible is the business unit leader, according to 26 percent of respondents.

A dedicated team supports the optimization of mission-critical workflows. Fifty-six percent of respondents say their organizations have a team dedicated to managing mission-critical workflows. The 44 percent of organizations without a dedicated team say it is very or highly difficult to accomplish the goals of mission-critical workflows. According to the research presented in this report, a dedicated team gives organizations the following advantages.

• Increased effectiveness in prioritizing critical communications among team members
• More likely to be able to prevent disruptions and failures in executing mission-critical workflows
• More likely to measure the costs of a disruption or failure to improve the execution of mission-critical workflows
• Improved efficiency of mission-critical workflow management and effectiveness in streamlining mission-critical workflows
• More likely to use mission-critical collaboration tools

 Mission-critical workflows require setting clear objectives, understanding the requirements, mapping workflows and managing risks. The two most often used activities to manage mission-critical are analyzing current workflow processes (47 percent of respondents) and training mission-critical employees (44 percent of respondents). Only 34 percent of respondents say their organizations are very or highly effective in prioritizing critical communication among team members.

Mission-critical workflows can be overly complex and inefficient. Taking steps to automate repetitive tasks where possible and to regularly review and update workflows are only used by 38 percent and 36 percent of organizations, respectively. Only 46 percent of respondents say their organizations are very or highly effective in streamlining mission-critical workflows to improve their efficiency and very or highly efficient in managing mission-critical workflows.

Ineffective communication about the execution of mission-control workflows can put organizations’ critical operations at risk. Sixty percent of respondents say it is the lack of real-time information sharing and 58 percent of respondents say it is the lack of secure information sharing that are barriers to effectively executing mission-critical workflows.

Enterprise-wide incident response plans should be implemented to reduce the time to respond, contain and remediate security incidents that compromise mission-critical workflows. Fifty-one percent of respondents say an enterprise-wide incident response plan is critical to the prevention of disruption and failures. Fifty-nine percent of organizations measure effectiveness based on how quickly compromises to mission-critical workflows are addressed. Organizations also measure their ability to prevent and detect cyberattacks against mission-critical workflows.

Organizations are adopting AI to improve the management of mission-critical workflows. However, organizations need to consider the potential AI security risks to mission-critical workflows. Fifty-one percent of respondents say their organizations have deployed AI. Most often AI is used to automate repetitive tasks (60 percent) and secure data used and data harvested by Large Language Models (LLMs). The top AI security risks according to respondents are potential leakage or theft of confidential and sensitive data (53 percent) and potential backdoor attacks on their AI infrastructure such as sabotage or malicious code injection (48 percent).

Mission-critical collaboration tools are considered very or highly effective, but adoption is slow. Only 47 percent of respondents use mission-critical collaboration tools. However, 54 percent of respondents say these tools are very or highly effective in making workflows efficient with minimum disruption to critical operations. The features considered most important are data encryption (61 percent of respondents), data loss prevention (56 percent of respondents) and the ability to securely enable real-time communication between teams (56 percent of respondents).

To read the rest of this report, including key findings, please visit Mattermost.com

Finally, crypto ATMs are getting a bit of the attention that they deserve.

As host of AARP’s The Perfect Scam podcast, I talk to crime victims every week.  A few years ago, a majority had their money stolen via bogus gift card transactions. Today, it feels like almost every person is the victim of a cryptocurrency scam, and many have their money stolen through crypto ATMs.

I’m sure you’ve seen these curious machines in convenience stores and gas stations, which are also known as convertible virtual currency (CVC) kiosks.  Put cash in, and you can send or receive crypto around the world.

Crypto ATMs, in theory, democratize crypto. Someone who wouldn’t feel comfortable buying crypto online can do so in a familiar way, using a machine that works just like the ones we’ve used to get cash for many years.  Perhaps you won’t be surprised to hear that crypto ATMs are a bad deal.  Set aside crypto volatility and high transaction fees for a moment: No one who feels uncomfortable opening an online crypto account should be buying or transmitting crypto. Period.

And yet, these crypto ATMs are sprouting up like weeds, at a time when old-fashioned ATMs are disappearing. There were roughly 4,000 crypto ATMs in 2019, and there were more than 37,000 by January of this year.

I know that because  the U.S. Treasury’s Financial Crime Enforcement Network — FinCEN — published a notice Aug. 4 warning financial institutions about crypto ATMs and their connection to crime. The agency also said many of these devices are being put into service without registering as money service businesses with FinCEN, and their operators are sometimes failing to report suspicious activity.

As I mentioned, there really isn’t a use case for these fast-proliferating devices.  Well, there’s one. When a criminal has a victim confused and manipulated, the fastest way to steal their money is to persuade them to drive to the nearest crypto ATM and feed the machines with $100 bills. I’ve talked to countless victims who’ve told me harrowing, tragic tales of crouching in the dark corner of a gas station, shoving money into one of these machines, terrified they are being watched.  In fact, they aren’t. Employees are told not to get involved. So victims drive away, their money stolen in the fastest way possible.  The transfer is nearly instant, faster than a wire transfer, and irrevocable.

That means it’s the perfect gadget for criminals like the Jalisco Cartel in Mexico to steal cash from Americans. Particularly elderly Americans, FinCEN says. According to FTC data, people aged 60 and over were more than three times as likely as younger adults to report a loss using a crypto ATM.

“These kiosks have increasingly facilitated elder fraud, especially among tech/customer supports scams, government impersonation, confidence/romance scams, emergency/person-in-need scams, and lottery/sweepstakes scams,” FinCEN said. And the losses are huge. “In 2024, the FBI’s IC3 received more than 10,956 complaints reporting the use of CVC kiosks, with reported victim losses of approximately $246.7 million. This represents a 99 percent increase in the number of complaints and a 31 percent increase in reported victim losses from 2023.”

In other words, we have a five-alarm fire on our hands.  One that’s been blazing in broad daylight for at least a year and yet…every week, I continue to interview victims who crouched near a crypto ATM for days on end, stuffing bills into these machines, thinking they were doing the right thing.

Banks and kiosk operators should do much more. The current daily limits on transactions aren’t low enough; victims are just instructed to drive all over town, or make daily deposits for weeks on end, so criminals can steal hundreds of thousands of dollars this way.  Regulators should do more, too.  If the majority of transactions flowing through a certain kiosk can be traced to fraud, the machine should be removed immediately. It’s not impossible. The UK ordered all cryto ATMS shut down recently.

Tech can enhance our lives; it can also be weaponized. And when it is, we shouldn’t stand idly by and act as if we are powerless to stop the pain it is causing our most vulnerable people.