Busy browsers ignore online security alerts 90% of the time
An overabundance of simultaneous online activities has been identified as a major causes of malware infections and other cyber security problems according to researchers. Browser-based security alters are often overlooked or ignored when users are trying to do multiple things at once online.
The research was conducted by a joint team from Bringham Young University and the University of Pittsburgh. Academics used functional magnetic resonance imaging (fMRI) scans to better understand how the brain works when tackling multiple digital projects. Their research was conducted specifically in the context of online multi-tasking and security alerts.
The scans revealed a phenomenon observed by other neuroscientists known as dual-task interference (DTI). When the brain is confronted with multiple sources of input at one time it suffers a productivity loss. In order to compensate, there is a natural tendency to focus on the primary task while ignoring any secondary tasks. In this case, users ignored security alerts while continuing the risky online behavior that initially triggered the alert.
The academics Anthony Vance Jeffrey L. Jenkins, Bonnie Brinton Anderson, and C. Brock Kirwan of BYU, and David Eargle of Pitt wrote in their research paper that “Our findings suggest that although alerts are pervasive in personal computing, they should be bounded in their presentation. The timing of interruptions strongly influences the occurrence of DTI in the brain, which in turn substantially impacts alert disregard.” Essentially, they recommend that alerts be scheduled to appear during periods of low DTI.
Periods of high DTI include when users are watching videos, moving to close webpages, or entering a user name and password. Periods of low DTI include after a video has concluded, a webpage has loaded, or a mouse cursor has gone dormant. Alerts that appeared during periods of high DTI were ignored 90% of the time. Rates of acknowledgment improved significantly when the alerts were strategically scheduled.
The same team of researches conducted a previous study designed to judge user’s reaction to the content of security warnings. In that study, participants were asked to perform simple tasks during which security warnings were intermittently displayed. The majority of users ignored the warnings until they were enlarged, included menacing images, and specifically stated that the computer was being hacked.
The most recent round of research was conducted in collaboration with engineers from Google and relied on a Google Chrome extension that alerts users when malware is present and browser settings have been changed. The insights generated throughout this course of research will likely be used to improve the visibility and urgency or security alerts delivered on future browsers.