The Neuroscience Behind Digital Security
You’re on the web, responding to an email or watching a YouTube video, when a message pops up on your browser. Do you read it, or do you close the window and get back to what you were doing?
Be honest. You know you’re going to click “ignore.”
But what if you just closed a malware warning? By ignoring the message, you’re inadvertently endangering your digital data. Doing so doesn’t necessarily make you lazy or inattentive—it makes you human, says Marriott School information systems professor and neurosecurity researcher Bonnie Anderson.
“As much as we train our users, biology is fighting against the way much of technology is designed,” Anderson says. “Our end goal is to find techniques developers can use that work with biology, instead of against it.”
Anderson and her team of researchers, which include neuroscientists and cybersecurity experts at BYU and beyond, are using brain-scanning technology to study the cerebral processes behind computer-user behavior. They’ve found evidence that brains don’t handle multitasking well; when security warnings interrupt computer users during certain tasks—like typing, closing windows, and watching videos—they are more likely to be ignored.
The researchers’ work in combining neuroscience with cybersecurity has been attracting attention from some big names—the group has presented to Adobe and Apple, and they received a duo of grants from Google. The Google funding, Anderson explains, is only the icing on the cake. The real benefit is Google’s direct involvement with the research, matching real-world problems with research-based solutions.
In fact, the collaboration is helping the tech giant rewrite the algorithm for the timing of Google Chrome’s security warnings. An upcoming release of the browser will be more attuned to the human brain. Instead of popping up immediately, malware messages may appear when a video ends or a before new page loads—times when, according to BYU research, users are most likely to pay attention.
“It’s not a common thing for researchers to actually see their work implemented so quickly,” Anderson notes. “One of my favorite parts of this research is the real application.”
Security-message timing is only one of the neurosecurity team’s projects. They are also studying the best design for these messages—how to make them visually interesting and different from other types of messages so the brain doesn’t ignore them.
With continuing funding from Google and the National Science Foundation, the neurosecurity team has a slew of conferences to attend and papers in the pipeline for publication, with even more discoveries to come, all aimed at making digital security more intuitive.