Abstract
Humans are becoming the root cause of many security vulnerabilities that can compromise a whole network through erroneous or negligent behavior. Human vulnerability is a serious challenge, as users are very limited in their attention to information security warnings and guidelines. This paper describes Security-Robot, a gamified interactive security system that rewards users according to their online security behavior. We evaluate our approach in a randomized controlled experiment against traditional security messages when users need to download software that may be malicious under time pressure. Our results show that a gamified experience reduces the number of downloaded malware without reducing productivity and that presenting preemptive notifications strengthens this effect. Finally, we discuss the implications of our findings to the theory of usable security and the design of interactive security systems.
Original language | English |
---|---|
Article number | 102270 |
Journal | Computers and Security |
Volume | 108 |
DOIs | |
State | Published - 1 Sep 2021 |
Externally published | Yes |
Keywords
- Cyber hygiene
- Gamification
- Malware
- Nudging
- Usable security
ASJC Scopus subject areas
- General Computer Science
- Law