I have a red button I found online that says “Do not press”. If you press it, it has one of ten or so responses, including laughter, explosions, and generally making fun of the presser. I’ve had this toy in my office for some time, just sitting on my desk. It’s very amusing to me the number of people who must press the red button, even though it says “don’t”.
I even found a picture of it.
Some statistician friends found out about this button and started designing an experiment. We should put variants of the button around campus and keep track of what part of campus presses the button the most depending on the variant. Unfortunately, we never followed through but the planning was very enjoyable.
To me, this is very analogous to users in cybersecurity. Phishers send a very tempting link and people must click on it to see what it is. Or they send just a link, and people must click on it. Is it a fundamental need to click on the link, like it is to click the button?
Users are often our first line of defense in Cybersecurity. If they didn’t click on the link, or ignore the security policy, or answer the phone call and fall victim to social engineering, we’d have a lot fewer problems.
Is it the interface to the machine that’s causing the problem or is it ultimately a human problem? DTRAP welcomes your research on this problem. Our special issue on Human Machine Interaction is waiting for you if you’ve considered this problem.