Digital disasters.

• Position: CYBERSECURITY ROUND TABLE

Data breaches can destroy a company. Prevent them with preparation: identifying weaknesses, strengthening technology and planning a response.

HOW CAN BUSINESSES BE MORE AWARE OF CYBERSECURITY?

CHEBROLU

My role, especially at Red Hat, is to ensure that we document the transmission, processing, storage and so forth of all sensitive data. That brings together business and information technology to identify weaknesses and strengthen cybersecurity. There's no silver bullet that will secure a network, server or data, so we install controls at several levels. If one fails, a second at the very least reduces the problem. Concerns are popping up in new places all the time. Vehicle technology, for example, has already been proven vulnerable. In July, as part of an experiment sponsored by Wired magazine, two St. Louis hackers took control of a Jeep Cherokee, adjusting cabin controls and shutting off the engine.

MURRAY Until recently, cybersecurity has been about keeping out bad guys. Now the focus is identifying internal weaknesses. Closing hacker access via online social interaction, whether it's emails, phishing or vishing --attempts to steal data over the phone--is a big challenge. Our clients struggle to decide how many resources to dedicate to external versus internal protections. We spend a lot of time re-educating and helping them understand the true risks.

MARSHALL As privacy lawyers, we help clients understand their legal obligations, both on the front end, such as privacy policies, and back end, such as required date-breach responses to customers and authorities. That happens before a data breach occurs. Many companies haven't identified what data they're collecting and if it is regulated. That is the first step.

ESTES The state's critical infrastructure needs to be secure. We work with local businesses to make sure that they have breach-response plans. The state, like private companies, is required to report data breaches.

ELLER Think about all the debit-card breaches over the last 48 months or so and all the Automated Clearing House and wire transactions done daily. We work with small and large businesses. Educating our customers and employees is critical to protecting them. We can invest the entire world's money in technology, such as anomaly detection, but we know that's not going be 100% effective. There's no better correlation engine than a human brain.

LIBBERT The financial industry shares the security burden with its customers. Many of them are small businesses that don't have cybersecurity resources or expertise. Cybersecurity education has come a long way over the past five years. My mom is a retired librarian. If I told her to be careful of phishing five years ago, she first would correct my spelling. Then she would say, "What do fish have to do with email?" I can talk to her about it now because of customer education.

AHLUWALIA There are two types of organizations: those that have been breached and those who don't know they've been breached. Retail breaches, such as when credit- and debit-card numbers, addresses and phone numbers were stolen from more than 100 million [Minneapolis-based] Target Corp. customers in 2013, were the norm. The threat changed from financial to espionage in July, when [Toronto-based dating website] AshleyMadison.com was hacked and the names of its users were held for ransom.

DOES CYBERSECURITY LIABILITY ONLY FALL ON COMPANIES? WHAT ABOUT VENDORS THAT HANDLE THEIR DATA?

MURRAY About 25% of breaches occur because of an honest mistake. An employee might post something on a website or not follow procedure. Training can solve those issues. But many of our clients who run smaller businesses use vendors for IT support, and they aren't necessarily as security conscious. Most of the cyber incidents we get involved with include a client who used a...