Social Engineering and Information System Security-A Survey on the Necessity of Prevention
摘要
This survey investigates the persistent and evolving threat of social engineering to information system security, emphasizing the urgency of prevention strategies. With 74% of cyberattacks involving a human component, social engineering exploits cognitive biases, emotional responses, and psychological manipulation to deceive individuals and breach organizational defenses. The integration of AI significantly amplifies these threats, enabling hyper-personalized, scalable, and deceptive attacks through tools like deepfakes and generative language models. This paper categorizes various attack vectors—phishing, smishing, vishing, social phishing, quishing, and cyber-grooming—detailing their mechanisms and psychological underpinnings. It further explores how AI facilitates the entire attack lifecycle, from reconnaissance to exploitation and exit, by automating pretexting, generating tailored content, and adapting in real-time to target behavior. Beyond the technical perspective, the study stresses the human dimension of cybersecurity, highlighting the need for user training, critical thinking, and dynamic awareness programs. While current countermeasures range from AI-driven detection systems to organizational protocols, their effectiveness varies due to usability limitations and adaptation challenges. The paper advocates for transdisciplinary approaches combining social science insights with technical innovation. It concludes by recommending scalable, adaptive, and ethically compliant prevention strategies, calling for continuous evaluation, regulatory alignment, and user empowerment. The findings underline the necessity of shifting users from security vulnerabilities to active defense assets in the face of increasingly sophisticated AI-powered social engineering.