Cybersecurity: Everyone Now a Target and Defender

Understanding the evolving nature of cyber threats

In the current digital landscape, cybercrime has expanded beyond simple password theft to become a complex psychological battleground. Cybersecurity expert Dr Fatima Zahrah from the University of Bradford highlights that individuals across all sectors are now both targets and defenders in this ongoing online conflict.

From traditional scams to sophisticated attacks

Cybercriminals have moved past basic spam emails, adopting more advanced techniques such as spear phishing and whaling. Spear phishing involves highly targeted scams aimed at specific individuals, exploiting knowledge about their work and personal behaviour to extract sensitive information. Whaling targets senior executives and decision-makers, where the potential impact is significantly greater.

Additionally, the use of artificial intelligence has introduced new challenges, including deepfake technology that can imitate voices and video images to deceive victims into trusting fraudulent communications.

Recent high-profile cyber incidents

Recent cyber-attacks on major organisations illustrate the severity of these threats. The Co-op Group experienced a social engineering breach where attackers impersonated employees to gain access to IT systems, resulting in the compromise of 6.5 million member records, system shutdowns, and an estimated £206 million loss in revenue. Similarly, Marks & Spencer faced a six-week online outage with a reported £300 million impact on revenue, while Harrods also suffered cyber disruptions during the same period.

The importance of digital hygiene

Dr Zahrah compares digital hygiene to physical hygiene in military training, emphasising its role in reducing cyber risks. Simple everyday practices can help prevent attacks, including:

• Verifying the identity of email senders
• Using strong, unique passwords
• Enabling two-factor authentication
• Keeping software and applications up to date
• Being cautious before clicking on unexpected links or requests

Training future cybersecurity professionals

The University of Bradford offers specialised programmes such as the BSc Computer Science for Cyber Security and MSc Cyber Security, designed to prepare students for roles in protecting digital infrastructure. Students engage in practical exercises like penetration testing within air-gapped, secure environments that simulate real-world systems without risking operational networks.

Graduates from these programmes have secured positions in various sectors including professional services, healthcare, and manufacturing. The courses have provisional certification from the National Cyber Security Centre (NCSC), and students may be eligible for the CyberFirst Bursary.

Cybersecurity awareness for all

Dr Zahrah stresses that cybersecurity is not solely the responsibility of specialists. With the increasing reliance on digital technologies across industries such as finance, healthcare, education, and retail, everyone who uses online services is a potential target and thus plays a role in the collective defence against cyber threats.