Go to EUROUSEC 2021 homepageWhat breach? Measuring online awareness of security incidents by studying real-world browsing behavior
Abstract: Learning about real-world security incidents and data breaches can inform people how their information is vulnerable online and thus encourage safer security behavior. This paper examines 1) how often people read about security incidents online, 2) of those people, whether and to what extent they follow up with an action (e.g., trying to read more about the incident), and 3) what influences the likelihood that they will read about an incident and take some action. Our quantitative study of the real-world internet-browsing behavior of 303 participants finds a low level of awareness. Only 16% of participants visited any web page related to six widely publicized large-scale security incidents; few read about an incident even when it was likely to have affected them. We also found that more severe incidents and articles that constructively spoke about the incident were associated with more action. Our findings highlight two issues: 1) security awareness needs to be increased; and 2) current awareness is so low that expecting users to be aware and take remedial action may not be effective.
0 Replies
Loading