Social engineering and security of the information system - The need for prevention

Add to my library

H5358 V1 Article

Social engineering and security of the information system - The need for prevention

Authors : Florence SEDES, Jonathan DEGRACE

Publication date: May 10, 2025 | Lire en français

Add to my library Add to my library

Logo Techniques de l'Ingenieur You do not have access to this resource.
Request your free trial access! Free trial

Already subscribed?

Overview

ABSTRACT

We present attack mechanisms linked to social engineering, such as phishing or smishing techniques. Their prevention in the context of Information Systems (IS) cybersecurity, where human vulnerabilities account for 74% of attacks, exploiting cognitive biases and human weaknesses, based on AI tools, is strategic.

Current countermeasures (training, prevention) remain limited. Dynamic and gaming approaches, reinforcing critical thinking, combined with organizational policies and integrating the human element as a key asset in a proactive security strategy, aim to anticipate future threats and yet unknown scenarios.

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHORS

  • Florence SEDES : University Professor - University of Toulouse, formerly Toulouse 3 – IRIT

  • Jonathan DEGRACE : Cybersecurity consultant - IT Dexper

 INTRODUCTION

The management of an organization's essential data is becoming increasingly sensitive as the risk of (cyber) attack increases: the Information System (IS) as a whole must be protected against financial, legal, reputational and other damage. Interconnections with other organizations, the increasingly widespread use of the Internet of Things (IoT –Internet des Objets) and the heterogeneity of different IS, are widening the attack surface usable by cybercrime, encouraging its growth:

  • 74% of cyber attacks have a human component and are based on social engineering methods;

  • 50% are phishing business emails.

The use of technologies such as generative AI and Machine Learning (ML) is increasing the quality and quantity of cyberattacks.

Social engineering is the use of human manipulation and deception techniques through digital tools, and is used against organizations as well as individuals. Social engineering attacks reveal the human element as the "weak link" in an organization's cyber defense. Depending on the cybersecurity prevention methods employed, results in terms of resistance to social engineering vary widely.

In this context, it is important to review the various factors that make it possible to design and, ultimately, prevent cyber-attacks early and effectively, in particular through collaboration between technical and human know-how.

You do not have access to this resource.
Logo Techniques de l'Ingenieur

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource. Click here to request your free trial access!

Already subscribed?


KEYWORDS

prevention   |   security of informations systems   |   cybercrime   |   attack   |   AI   |   social ingineering

Ongoing reading
Social engineering and security of the information system - The need for prevention

Article included in this offer

"Security of information systems"

( 88 articles )

Complete knowledge base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

View offer details

Dans les ressources documentaires

Sécurité de l’information, cybersécurité et protection des données de vie privée - NF EN ISO/IEC 27001 : 2023

La sécurité de l'information fait partie du périmètre de la normalisation (ISO et AFNOR). À savoir les no...

NIS2 et ISO/IEC 27001 – Vers une cyberrésilience de l’Union européenne

L'objet de cet article est d’apporter des précisions sur la directive NIS2, les différences avec la norme...

Cyberespionnage : la menace APT

Cet article propose de faire le point sur les attaques informatiques « APT », acronyme internat...

Cloud Computing - Informatique en nuage

Le Cloud Computing est une révolution dans la manière d’organiser, de gérer et de distribuer des ressourc...

Tous les livres blancs
Article ChatGPT :  l’IA franchit une étape majeure
16 January 2023
ChatGPT : l’IA franchit une étape majeure

La moitié des copies d’étudiants d’une faculté de Lyon rédigées par l’intelligence artificielle, Microsoft annonçant vouloir investir 9 milliards d’euros, une a...

Toutes les actualités
Contact us