Social engineering and security of the information system - The need for prevention
Article REF: H5358 V1

Authors : Florence SEDES, Jonathan DEGRACE

Publication date: May 10, 2025

Overview

ABSTRACT

We present attack mechanisms linked to social engineering, such as phishing and smishing techniques. Preventing them is strategic for Information Systems (IS) cybersecurity, where human vulnerabilities account for 74% of attacks, which exploit cognitive biases and human weaknesses and draw on AI tools.

Current countermeasures (training, prevention) remain limited. Dynamic and game-based approaches that reinforce critical thinking, combined with organizational policies and with treating the human element as a key asset in a proactive security strategy, aim to anticipate future threats and as yet unknown scenarios.

INTRODUCTION

The management of an organization's essential data is becoming increasingly sensitive as the risk of (cyber) attack increases: the Information System (IS) as a whole must be protected against financial, legal, reputational and other damage. Interconnections with other organizations, the increasingly widespread use of the Internet of Things (IoT) and the heterogeneity of different IS are widening the attack surface available to cybercrime, encouraging its growth:

  • 74% of cyber attacks have a human component and are based on social engineering methods;

  • 50% are phishing business emails.

The use of technologies such as generative AI and Machine Learning (ML) is increasing the quality and quantity of cyberattacks.

Social engineering is the use of human manipulation and deception techniques through digital tools, and is used against organizations as well as individuals. Social engineering attacks reveal the human element as the "weak link" in an organization's cyber defense. Depending on the cybersecurity prevention methods employed, results in terms of resistance to social engineering vary widely.

In this context, it is important to review the various factors that make it possible to design and, ultimately, prevent cyber-attacks early and effectively, in particular through collaboration between technical and human know-how.
