Cyber war: why we’re all foot soldiers now

In the shadowy world of cybercrime, the battlefield is digital, the weapons are psychological, and the targets - increasingly - are us.

From rogue hackers to state-sponsored actors, the tactics are evolving. Gone are the days of clumsy spam emails from imaginary princes. Today's attackers are deploying sophisticated techniques like 'spear phishing' and 'whaling' - targeted scams designed to trick individuals into handing over sensitive information. And according to Dr Fatima Zahrah, lecturer in Computer Science at the University of Bradford, we're all now foot soldiers in this war.

"Spear phishing is when attackers tailor their approach to a specific individual," she explains. "They know who you are, who you work with, and what you're likely to respond to. It's disturbingly effective."

Spear phishing and whaling

Whaling, she adds, is spear phishing's more ambitious cousin - aimed at high-level executives and decision-makers, where the stakes (and the potential payoffs) are far greater.

And with the advent of artificial intelligence, cyber-attacks are more sophisticated than ever, sometimes involving 'deep fakes' that can mimic voices and even video images to trick to trick victims into believing they're interacting with a trusted source.

The recent cyber-attack on the Co-op Group is a case in point. In what Dr Zahrah describes as a "social engineering breach," attackers posed as employees, phoned the IT helpdesk and requested password resets. The result? A compromise of 6.5 million member records, a shutdown of key systems, and a reported £206 million revenue loss.

And they weren't alone. In the same fortnight, M&S and Harrods were also hit, with M&S suffering a six-week online outage and a £300 million dent in revenue.

Online arms race

"It's like an arms race," says Dr Zahrah. "We develop countermeasures, and they develop new ways to bypass them. The human layer - our behaviour, our habits - is often the weakest link."

That's why she believes 'digital hygiene' is now as important as physical hygiene once was in military training.

"Just as washing your hands reduces the spread of germs, small steps online - like verifying senders, updating apps, or enabling two-factor authentication - can stop threats before they spread."

"Digital hygiene is about the little things that keep you safe every day. Brushing your teeth prevents decay; checking an email address before you click can prevent a data breach. In practice, that means simple habits: using strong, unique passwords, double-checking unexpected requests, keeping software up to date, and pausing before clicking on suspicious links."

Air-gap practice

At the University of Bradford, students on the BSc Computer Science for Cyber Security and MSc Cyber Security programmes are trained to think like both defenders and attackers. They practise penetration testing on an air-gapped server - a secure, offline environment that mimics real-world systems without risking the University's infrastructure.

"It's like basic training for the cyber battlefield," says Dr Zahrah. "Students learn to spot vulnerabilities, deploy countermeasures, and understand the psychology behind attacks."

Graduates have gone on to roles at firms like KPMG, NHS and Rolls-Royce, working in both offensive and defensive cyber roles. The courses are provisionally certified by the National Cyber Security Centre (NCSC), and students are eligible to apply for the CyberFirst Bursary.

Online targets

But Dr Zahrah is clear: cyber security isn't just for specialists.

"Everyone needs some level of cyber awareness. Whether you're in finance, healthcare, education or retail - if you go online, you're a potential target. And that means you're also part of the defence."