EUIST

The eight myths about Early Warning Systems

November 9th, 2006

We have previously discussed issues regarding building and running an Early Warning System (EWS), such as:

4 Tips for building an effective Early Warning System – organizational and human resource issues

Commercial Early Warning Systems to the rescue – sometimes

What could be the characteristics of a successful Early Warning System?

Some stakeholders believe that an EWS can take care of most, if not all, problems regarding users’ awareness of information security and threats. Much of this belief is built on myths, so we went and wrote down the eight myths that we feel do more harm than good.

Table – the eight myths about an EWS that could do more harm than good

Myth 1: help citizens make PCs/mobiles more secure;

Myth 2: protect citizens against the risk of being hit by a scouring internet attack that would otherwise produce a staggering amount of damage;

Myth 3: provide information that is highly relevant;

Myth 4: provide timely information about current and emerging threats to computers and networks.

Myth 5: It is always better to wait for an official solution (e.g., a Microsoft patch) to fix the problem.

Myth 6: Citizens have anti-malware and a firewall, so now they are safe.

Myth 7: Knowing about a new type of phishing attack or virus empowers users to detect future attacks.

Myth 8: Distributing warnings through the system indicates that it is succeeding in delivering the services it is supposed to.

Note: Find out more about the above matters by visiting New threats and national warning systems – do they work?

It is neither automatic nor clear that an EWS can help users make their PCs or mobile phones more secure (myths 1 and 2), considering that some of the technology being used might be inherently insecure (e.g., wireless hotspots). Protecting citizens against a scouring internet attack is admirable, but it will likely not succeed if the attack is of a yet unknown type that shuts down part of the infrastructure.

Providing relevant information (myth 3) depends on how targeted an EWS is. Alerts for citizens in general cannot be considered focused, because users have needs that differ greatly. Providing separate output for technical versus non-technical users (see US-CERT) is a good first step but does not suffice; non-technical users must be segmented further into groups.

Myth 4 suggests that timely information is vital. While we agree, warnings are generally issued after an event has happened; hence they are always late by design, unless we can predict the future. Nevertheless, being several days late because of a long weekend does, of course, not help raise trust in an EWS’ products and services.

Waiting for a Microsoft patch before fixing a vulnerability (myth 5) is most certainly not always wise, considering that zero-day exploits can cause havoc until the patch is available. Nonetheless, users who have already applied an unofficial patch may have to remove it before applying the new one from Microsoft. For this the EWS might have to provide help, which again requires issuing an advisory and could be a drain on resources.

Myth 6 points out that even though citizens have anti-malware and anti-spyware protection, including a fine-tuned software-based and hardware-based firewall, new threats may not be detected by such tools. Moreover, one can still become the victim of a social engineering attack.

Knowing about every new type of attack does not necessarily protect one against a newly emerging one. Neither can we assume that users will ever be keen on and knowledgeable about rootkits and password stealers (myth 7). However, changing users’ behaviour and getting them to be cautious, savvy and vigilant regarding security seems to be the key on the road to success.

The final myth suggests that distributing the output produced by an EWS to as many parties as possible is the key. It is surely better to reach a thousand people than ten, but on the internet this is a weak performance measure. What about three of those ten users re-distributing the alert to many more people? And even then, if people ignore an advisory it serves no purpose, does it?

Addressing the above myths also indicates that silver surfers, teenagers and SMEs require different and customized content. Hence, it becomes a question of having the resources to serve various target groups. That some Computer Emergency Response Teams (CERTs) have decided to issue separate technical and non-technical alerts is just a first step in the right direction.
