Article | REF: H5358 V1

Social engineering and security of the information system - The need for prevention

Authors: Florence SEDES, Jonathan DEGRACE

Publication date: May 10, 2025


Overview

ABSTRACT

We present attack mechanisms linked to social engineering, such as phishing and smishing techniques. Preventing them is strategic for Information System (IS) cybersecurity, where human vulnerabilities account for 74% of attacks; these attacks exploit cognitive biases and human weaknesses and rely on AI tools.

Current countermeasures (training, prevention) remain limited. Dynamic and game-based approaches that reinforce critical thinking, combined with organizational policies and the integration of the human element as a key asset in a proactive security strategy, aim to anticipate future threats and as yet unknown scenarios.

INTRODUCTION

The management of an organization's essential data is becoming increasingly sensitive as the risk of (cyber) attack increases: the Information System (IS) as a whole must be protected against financial, legal, reputational and other damage. Interconnections with other organizations, the increasingly widespread use of the Internet of Things (IoT) and the heterogeneity of different IS are widening the attack surface available to cybercrime and encouraging its growth:

  • 74% of cyber attacks have a human component and are based on social engineering methods;

  • 50% are phishing business emails.

The use of technologies such as generative AI and Machine Learning (ML) is increasing the quality and quantity of cyberattacks.

Social engineering is the use of human manipulation and deception techniques through digital tools, and is used against organizations as well as individuals. Social engineering attacks reveal the human element as the "weak link" in an organization's cyber defense. Depending on the cybersecurity prevention methods employed, results in terms of resistance to social engineering vary widely.

In this context, it is important to review the various factors that make it possible to design and, ultimately, prevent cyber-attacks early and effectively, in particular through collaboration between technical and human know-how.
