Research: People Ignore Security Warnings through Habit

Don't be so sure that you pay sufficient attention to messages delivered by your computer warning you about unsafe surfing activities. An experiment at Brigham Young University in Provo found that users "routinely ignore security warnings." One reason we do that is because we tend to get "habituated" to certain common messages on the screen and overlook them to our peril.

Researchers Bonnie Anderson, Brock Kirwan and Anthony Vance conducted the project to explore how people deal with online security risks. While users declared that they "care" about keeping their computers secure, their behavior suggests otherwise.

For the study, the faculty members queried students about how they felt about online security. Next, in a "seemingly unrelated task," the students were asked to use their own computers to visit a site to categorize pictures as animations or photographs in order to confirm the accuracy of a computer algorithm developed to do the same task.

As the participants worked through the image pages, warnings would randomly appear on the screen informing them of malware issues with the site they were asked to access. If they ignored the message a certain number of times, they were "hacked."

"A lot of them freaked out — you could hear them audibly make noises from our observation rooms," said Vance, an assistant professor of information systems. "Several rushed in to say something bad had happened."

The hack, showing a screen-sized warning message from an "Algerian hacker," wasn't real. Nothing bad actually happened to the computers.

But the researchers took it a step further. Kirwan, an assistant professor in the department of psychology, set up EEG machines to measure brain responses to risk. They're using functional magnetic resonance imaging (fMRI) to measure neural activity in the visual processing centers of the brain and track how it responds with repeated exposure to warnings. The idea is to explore how "repetition suppression" occurs in the brain in order to develop security warnings that people will pay attention to.

"A lot of people don't realize that they are the weakest link in their computer security," said Kirwan. "The operating systems we use have a lot of built-in security and the way for a hacker to get control of your computer is to get you to do something."

The project showed that brain data is a better predictor of security behavior than a person's own response. "With neuroscience, we're trying to understand this weakest link and understand how we can fortify it," noted Vance.

Anderson, associate professor of information systems, and her colleagues have received a $294,000 grant from the National Science Foundation to continue the research. The findings from the latest experiment were recently published in the Journal of the Association for Information Systems. A draft version of the paper is available online.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • widescreen computer monitor displaying an AI-powered search engine interface with a search bar and futuristic icons

    Google, Microsoft Expand AI-Driven Search Capabilities

    Recent announcements from Google and Microsoft highlight a slough of AI capabilities for their search tools.

  • glowing shield with a lock symbol at its center, surrounded by stylized outlines of books, a graduation cap, and a laptop

    Why the Education Sector Needs to Get Better at Cyber Hygiene

    Despite the wealth of publicly available information about cyber attacks and the tactics used by malicious actors, many institutions appear unprepared to protect their students, faculty, and endowments from cyber threats.

  • illustration of a futuristic building labeled "AI & Innovation," featuring circuit board patterns and an AI brain motif, surrounded by geometric trees and a simplified sky

    Cal Poly Pomona Launches AI and Innovation Center

    In an effort to advance AI innovation, foster community engagement, and prepare students for careers in STEM fields and business, California State Polytechnic University, Pomona has teamed up with AI, cloud, and advisory services provider Avanade to launch a new Avanade AI & Innovation Center.

  • glowing brain, connected circuits, and abstract representations of a book and graduation cap on a light gray gradient background

    Snowflake Launches Program to Upskill 100,000 People in Data and AI

    Cloud data platform Snowflake is embarking on an effort to train and certify more than 100,000 users on its AI Data Cloud by 2027. The One Million Minds + One Platform program will provide Snowflake-delivered courses, training materials, and free access to Snowflake software, at no cost to learners.