Protecting proprietary data and intellectual property has never been a more critical requirement. Bad actors are targeting institutions that have previously been sacrosanct. Their methods have become harder to detect, and the damages inflicted in some cases have dealt near-fatal blows to corporate financials and organizations\u2019 operations.Take, for example, the\u00a0North Korea-backed Lazarus hack of the international SWIFT banking system, the worldwide interbank communication network that settles transactions. Consider that hospitals are being targeted with ransomware that holds patient information like blood type hostage, making it impossible for surgical procedures to be performed. Think about the Ukranian power grid outage and look at the chaos that ensued during the Verizon acquisition of Yahoo when it revealed 500 million Yahoo user accounts had been compromised and pricing had to be re-negotiated.All these attacks were enabled in part by the fact that none of the organizations expected to be victims. How can a chief security officer (CSO) or chief information security officer (CISO) anticipate attacks that the organization as a whole doesn\u2019t see coming? Is it possible for them to predict the future?CSO interviewed R.P. Eddy, CEO of the global intelligence firm Ergo and co-author with Richard A. Clarke, of the new book Warnings: Finding Cassandras to Stop Catastrophes, to get his insight. The book details several cases of prescient people, the authors describe as \u201cmodern-day Cassandras\u201d (after the figure from Greek mythology who foresaw disasters) who clearly predicted the Bernie Madoff Ponzi scheme, the 2008 recession, the rise of ISIS and many others. They were all ignored.\u00a0CSO:\u00a0 In your new book Warnings, you lay out a strategy for a government office with a suggested name of National Warning Office, whose specific mission is to forecast future problems and provide warnings to address and possibly avoid catastrophes. How would you advise CSOs\/CISOs to create a similar group and build a process to emulate what you\u2019ve suggested for government for their corporation?Eddy:\u00a0 The book tells the stories of catastrophes and the Cassandras who were proven technical experts in their fields and used data-driven evidence to support their warnings. This phenomenon had not been discovered before my co-author Dick Clarke identified it. It is one of the only predictive tools of merit I\u2019ve ever seen. There is an absolute dearth of regimented study about how to do prediction. We\u2019re horrible at it. The only place we\u2019re okay with prediction is weather. Forget corporate decision-making. There are tools, but they\u2019re not widely adopted.In very few instances do people in and around the C-suite think about surprises. Most CEOs aren\u2019t thinking about what\u2019s coming around the corner to punch them in the face. Good CEOs realize this and want information to defend against the surprises. The problem is you go from that CEO with that view to an organization incapable of scratching that itch.Why not? Three reasons. 1) They\u2019re not designed to do it. They don\u2019t have the right people or the right tools and the right mandate. 2) The right tools don\u2019t really exist or aren\u2019t properly taught. 3) Organizations are strategically surprised because decision-makers aren\u2019t properly aware or tuned in to the warnings they\u2019re getting.[Related: These are the good ol' days of cybersecurity]I encourage corporations to form a Warning Office or a Futures Office. In a corporate environment, just as in our government solution, the [forecasting] group needs to be at a high level so they can cut across divisions and not be slowed down by bureaucracy. \u00a0\u00a0CSO:\u00a0\u00a0 Who would be the best people\/titles to engage?Eddy:\u00a0 I would get my chief risk officer (CRO), my general council and my CSO\/CISO together and say, \u201cI want to understand how we\u2019re going to foretell surprises. If you want it in an org chart, I want a chief futures officer. I don\u2019t want that person doing pie-in-the-sky about when robots take over. I want them looking for strategic surprise.\u201d The challenge is that in most organizations the CRO is supposed to do this. In reality, they don\u2019t do it because they\u2019re too busy being reactive.The chief futures officer should report to the board, the CEO. They should look across the organization, look across sectors, across timelines not just short term but also a couple years into the future. They need to have the proper tools, but there are few.They need to tell everything they do in story form. They will have a hard time convincing CEOs and the board of things that are difficult to see, a future they can\u2019t grasp. For example, you say, \u201cBernie Madoff is a fraud.\u201d They say, \u201cImpossible, he\u2019s the chairman of the NASDAQ, the NASD, one of the most respected people in the industry.\u201d They can\u2019t envision him being a fraud. You have to tell that story in a narrative format so they get it.People learn through stories. Corporations need to get better at using the few tools available like basic scenario analysis, virtual markets, Cassandra Theory and applied history. They\u2019re all related. Apply them in concert with usable, actionable tactical intelligence to ward off the threat. Tactical intelligence enables the decision-makers who have been convinced beyond a shadow of a doubt that the threat is real and have allocated sufficient resources toward the fight.CSO:\u00a0\u00a0 What types of threat do you see potentially (or actually) causing problems for the private sector?Eddy:\u00a0 There\u2019s a framework we use at Ergo to help organizations see around these corners where we provide the strategic threat in a narrative format. Many threats they hadn\u2019t thought of, and we bring them through those threats with war games, mock headlines in newspapers and clips. We show them how the threat would look and tune in the decision-makers, the board and CEO. Then we identify with them several threats they need to keep their eyes on.[Related: Present and future ransomware tactics model the past]Next, we do contact tactical intelligence collection around those threats globally, and funnel that review back into a living computer system. We can constantly watch the risk flags receding or proceeding. The reason isn\u2019t just to keep track of the risks, which is necessary, but to keep the decision-makers tuned in, empowered with enough accurate intelligence, and ready to make decisions rapidly.CSO:\u00a0 Is there anything we haven\u2019t discussed that you want to cover today?Eddy:\u00a0 Let\u2019s close by talking about Initial Occurrence Syndrome (IOC). It\u2019s a very important piece of the equation. As complex, thoughtful and lovely as humans like to think humans are, we are not. We are bias-driven animals. We make decisions on bias heuristics all day long.One of the great biases is IOC, which says, \u201cIf I can\u2019t see it, if it hasn\u2019t happened before, I don\u2019t believe it\u2019s going to happen.\u201d If you tell me that my corporation is going to get hacked, every one of my computers will get bricked, and I\u2019ll have to scrounge for ancient Blackberries to communicate with other employees, I don\u2019t believe that because it\u2019s never happened before. The enormousness of the possibility is something I can\u2019t wrap my brain around so I ignore it. IOC blinds people. It\u2019s up to the newly formed Futures Office to provide me with enough accurate, actionable tactical intelligence that will help me see around that corner.