On May 12th, the WanaCry (Wana Decrypt0r) worm began affecting computers worldwide. Among the many industries, companies, and individuals affected, the UK National Health Service (NHS) was hardest hit placing patients possibly at risk.
This is a wake up call for all organizations. This should increase the level of concern as to an organization's ability to operate safety should a threat materialize.
Cyber risk has the potential to affect compliance programs which are intended to keep: people, the environment, and businesses safe. Threats like those similar to the WanaCry worm could disrupt an organization's ability to:
Shutdown a process
Make safety and security decisions
Access critical information and documents such as: safe work practices, shutdown procedures, critical defeats register, and so on.
Having an effective cyber security program is an essential part of today's compliance platform. International standards such as: IEC 61511, IEC 61508, ISA S84, and others provide guidance and are considered best practices. However, aligning cyber security with process safety programs continues to be an important challenge for companies to address.
Like all best practices they need to be applied, followed, and then continuously monitored as to their effectiveness. In light of recent news, this is the perfect time to review and evaluate the effectiveness of your cyber security, emergency preparedness, and safety management programs.
Plan-Do-Check-Act Questions:
Which compliance programs, if disrupted, would most hinder your organization's ability to operate safely?
What procedures are in place to continue operating safely in case of a cyber attack?
Does your cyber risk assessment extend beyond covered processes or high consequence areas? Are there any gaps in coverage?
Is the identification of cyber risks part of your overall risk management program?
What step can you take to improve the management of cyber risk within your organization?