It's All about the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice
نویسندگان
چکیده
We examine the cost for an attacker to pay users to execute arbitrary code—potentially malware. We asked users at home to download and run an executable we wrote without being told what it did and without any way of knowing it was harmless. Each week, we increased the payment amount. Our goal was to examine whether users would ignore common security advice—not to run untrusted executables—if there was a direct incentive, and how much this incentive would need to be. We observed that for payments as low as $0.01, 22% of the people who viewed the task ultimately ran our executable. Once increased to $1.00, this proportion increased to 43%. We show that as the price increased, more and more users who understood the risks ultimately ran the code. We conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience.
منابع مشابه
A Tale of Two Mechanisms: Incentivizing Investments in Security Games
In a system of interdependent users, the security of an entity is affected not only by that user’s investment in security measures, but also by the positive externality of the security decisions of (some of) the other users. The provision of security in such system is therefore modeled as a public good provision problem, and is referred to as a security game. In this paper, we compare two well-...
متن کاملUsers as the Biggest Threats to Security of Health Information Systems
There are a lot of researches in the world about attacks on information systems (IS). Although there have been many attempts to classify threats of IS’s especially in Health Information Systems (HIS), it is still necessary for all health organization to identify new threats and their sources which threaten security of health care domain. The main aim of this paper is to present a research agend...
متن کاملAn Empirical Investigation of the Determinants of Users Acceptance of E-banking in Singapore: Based on Technology Acceptance Model
Singapore is depicted to be the fastest growing telecommunications nation in Asia. Presently, all the members of the Singapore banking industry have engaged in the use of Information and Communication Technology as a platform for effective and efficient means of conducting financial transactions. This paper focuses on determining the level of users’ acceptance of the electronic banking services...
متن کاملIt ain't what you do, it's the way that you do it: a qualitative study of advice for young cannabis users.
INTRODUCTION Advice is a widely recommended and practised intervention with young drug users. Study of precisely how advice is given and received in any setting has, however, been limited. DESIGN AND METHODS We qualitatively analysed 106 audio-recordings of advice sessions on cannabis use for young people within a randomised trial. Inductive data analysis was guided by a focus on practitioner...
متن کاملNumerical modelling of the underground roadways in coal mines– uncertainties caused by use of empirical-based downgrading methods and in situ stresses
Numerical modelling techniques are not new for mining industry and civil engineering projects anymore. These techniques have been widely used for rock engineering problems such as stability analysis and support design of roadways and tunnels, caving and subsidence prediction, and stability analysis of rock slopes. Despite the significant advancement in the computational mechanics and availabili...
متن کامل