Security in IS and social engineering -- an overview and state of the art

• Main Author: Sèdes, Florence
• Format: Journal Article
• Language: English
• Published: 17.06.2024
• Subjects: Computer Science - Cryptography and Security; Computer Science - Databases
• DOI: 10.48550/arxiv.2406.12938

Major transformations related to information technologies affect InformationSystems (IS) that support the business processes of organizations and their actors. Deployment in a complex environment involving sensitive, massive and heterogeneous data generates risks with legal, social and financial impacts. This context of transition and openness makes the security of these IS central to the concerns of organizations. The digitization of all processes and the opening to IoT devices (Internet of Things) has fostered the emergence of a new formof crime, i.e. cybercrime.This generic term covers a number of malicious acts, the majority of which are now perpetrated using social engineering strategies, a phenomenon enabling a combined exploitation of ``human'' vulnerabilities and digital tools. The maliciousness of such attacks lies in the fact that they turn users into facilitators of cyber-attacks, to the point of being perceived as the ``weak link'' of cybersecurity.As deployment policies prove insufficient, it is necessary to think about upstream steps: knowing how to anticipate, identifying weak signals and outliers, detect early and react quickly to computer crime are therefore priority issues requiring a prevention and cooperation approach.In this overview, we propose a synthesis of literature and professional practices on this subject.