Protecting against cybersecurity threats

Within today’s hyperconnected digital landscape, cybersecurity threats have evolved to become a complex and ever-present challenge for individuals, businesses and governments. While the rapid advancement of technology has opened up unprecedented opportunities, it has also created a playground for malicious actors and cyber criminals who aim to exploit security vulnerabilities for financial gain, ill-gotten confidential information, or simply to inflict damage.

These cybercrime threats can compromise sensitive information – such as credit card details or passwords for email or social media accounts – cripple computer systems, and even jeopardise national security, so it’s essential to have robust security solutions in place and to stay vigilant against emerging threats.

Common cybersecurity threats

To proactively protect against cyberattacks , it’s helpful to understand the different types of cybersecurity threats – particularly the ones most likely to strike.


Malware is a blanket term for various types of malicious software, including computer viruses and worms, that infiltrate systems with the intent of causing harm. This may be done via malicious links in emails, hacked websites, infected files or programmes, and so on.


Phishing attacks involve cybercriminals masquerading as legitimate entities to trick users into revealing sensitive data. While phishing scams will target a huge number of people, there are also attacks known as spear phishing, which target a specific individual. Phishing is a threat to organisational information security, but it can also lead to more personal consequences such as identity theft.


Ransomware attacks involve accessing, extracting, and encrypting a victim’s data in order to demand a ransom for its release. These attacks can target both individuals and high-profile organisations.


As its name suggests, spyware infiltrates systems to gather information without the user’s consent. A type of malware, spyware can record keystrokes, capture screenshots and even access webcams.


Trojan horse attacks disguise malicious code as legitimate software. Once installed, Trojans provide unauthorised access to the attacker through a system’s backdoor, and can lead to large-scale data breaches.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks

Denial of service attacks work to overload a target system or network with a flood of traffic, rendering it unavailable to legitimate users. DDoS attacks amplify this effect by using multiple sources, often malware-compromised machines known as bots or a botnet.

Man-in-the-middle attack (MitM attack)

During a MitM attack, an attacker aims to intercept communications between two other parties without their knowledge. This allows the attacker to eavesdrop within the conversation, alter messages or even inject malicious code into the communications.

Structured query language (SQL) injections

SQL injection attacks manipulate a database query through malicious code. If successful, attackers can gain unauthorised access to a target system’s database and critical infrastructure and potentially even destroy it.

Understanding the difference between a cyber attack and a cyber threat

A cyber threat is a potential danger. It’s a threat that could exploit a vulnerability in a system or network, but may not come to pass.

A cyberattack , meanwhile, is a threat brought to life – a vulnerability exploited in order to compromise a system, steal data, disrupt services or carry out other malicious activities.

The best protections against cyber threats

There are a number of safeguards available to both individuals and organisations that want to bolster their digital defences against cybersecurity risks. Many of these have become increasingly important in the era of remote working, where people are working away from the office and therefore away from their employer-protected IP address and internet or Wi-Fi services.

  • Patch and update regularly. Keeping hardware – including laptops and mobile devices – as well as operating systems, software apps, and Internet of Things devices (IoT devices) up to date is essential. Software updates in particular often include patches that address known vulnerabilities – known as attack vectors – and prevent attackers from exploiting them.
  • Require additional user authentication. Implementing stronger-than-average authentication measures adds extra layers of digital security and makes it more difficult for unauthorised parties to gain access to data and wider systems. Examples of additional user authentication include two-factor authentication, multi-factor authentication and biometric verification. 
  • Invest in endpoint security. Endpoint security solutions protect individual devices from a wide array of threats, such as malware. They provide real-time monitoring, threat detection and immediate response capabilities.
  • Bolster network security. Using security measures such as firewalls plays an important role in safeguarding computer networks. Firewalls act as a barrier between a trusted internal network and untrusted external networks, scrutinising incoming and outgoing traffic while filtering out malicious content and potential threats as needed.
  • Apply encryption measures. Encrypting sensitive data for transmission and storage ensures that even if data falls into the wrong hands, it remains unreadable.
  • Complete regular backups. Regularly backing up data and other critical information to secure locations, such as in the cloud, ensures that it is always accessible and can help mitigate the impact of ransomware attacks and data breaches. Regular backups also protect against events such as system crashes or human error. 

According to Microsoft, an effective cybersecurity programme “includes people, processes, and technology solutions that together reduce the risk of business disruption, financial loss, and reputational damage from an attack.”

So in addition to technical safeguards, it’s also important that individual people have a firm understanding of cyber threats and cybersecurity education more generally. Within organisations, this includes:

  • Comprehensive cybersecurity training for employees to ensure they can recognise phishing attempts, social engineering tactics and other deceptive methods used by cybercriminals and hackers.
  • Staying informed about the latest threats and safety measures.
  • Having a well-defined incident response plan in place to ensure that the business can respond swiftly and effectively to cyber threats, and minimise potential damage.

Stay ahead of cybersecurity threats

Explore the fundamentals of cybersecurity – including typical threats and a range of technologies that can help to reduce risk, increase protection and remain compliant – with the 100% online MSc Computer Science with Cyber Security from the University of York. This flexible Masters degree is aimed at working professionals and graduates from disciplines outside computer science, and it’s studied entirely online, so you can complete your degree from anywhere around your existing personal and professional commitments. 

You will explore a range of cyber concepts and solutions such as cryptography and memory and resource management. Alongside the specialism in cybersecurity, you’ll also explore computational thinking and problem-solving across software, hardware and artificial intelligence.

What does a cybersecurity analyst do?

Last year, 39% of UK businesses identified a cyberattack on their networks, operating systems and infrastructure, with the most common threats including phishing, denial of service (DoS), malware and ransomware attacks. Of this group, 31% estimated they were targeted at least once a week.

With cybercrime rates on the rise – and methods of attack growing in sophistication – businesses must take their data security more seriously than ever. As a direct result, the job outlook for cybersecurity professionals with the skills to guard against security risks and threat actors is positive. In fact, according to the U.S. Bureau of Labor Statistics (BLS) it’s estimated that job growth for cyber and information security analysts is projected to increase 35% from 2021 to 2031 – much faster than the average for all occupations.

What is a cybersecurity analyst?

A cybersecurity analyst is a computer science professional who helps design and implement security systems and solutions to protect a company’s computer networks from cyberattacks. These specialists act as a ‘first line of defence’ against hackers and cybercriminals who try to exploit system vulnerabilities, defending hardware, software and networks from malicious activity and closely monitoring IT infrastructure and assets.

What does the role of a cybersecurity analyst involve?

The process and specifics of preparing for, and responding to, cybersecurity breaches may differ depending on the workplace, organisation and sector – however, the general outline of an analyst’s role remains the same.

Security analysts spend their time managing software, monitoring network security, developing security plans, reporting on security, and researching trends and developments in order to keep themselves – and the companies they protect – up to date and ahead of any potential issues.

Further day-to-day tasks and responsibilities often include:

  •   identifying and resolving threats in order to protect information systems
  •   defining access privileges
  •   implementing, maintaining and upgrading security measures, such as firewalls and antivirus security software
  •   performing penetration tests
  •   monitoring security breaches and following incident response procedures
  •   assessing risks and suggesting/developing improvements
  •   conducting ongoing audits and assessments to detect inefficiencies and violations
  •   compiling security performance reports and sharing results with stakeholders.

Are there different types of cybersecurity analysts?

While all cybersecurity professionals aim to protect systems, networks and software from cyberthreats and data breaches – ensuring the private information of businesses and individuals is secure – there is variety within the field. As such, there’s plenty of scope to narrow your cybersecurity focus and role to an area that most interests you or suits your skill set.

Indeed list a number of positions that are similar to cybersecurity analyst roles:

  •   Computer forensic analyst
  •   IT security specialist
  •   Security manager
  •   Security engineer
  •   Security consultant
  •   Director of security
  •   Security administrator
  •   Information security analyst
  •   Security specialist
  •   Chief information officer
  •   Network security engineer
  •   Machine learning engineer.

How can I get a job as a cybersecurity analyst?

While undergraduate and Masters degrees are a common – and quicker – route into the profession, you don’t necessarily need to work in cybersecurity. Securing an entry-level IT role, and then working your way up and into cybersecurity – by way of experience and gaining industry certifications – presents a good alternative. Apprenticeships in cybersecurity are also an option. However, if you do have a degree in an unrelated subject and wish to secure a graduate-level role in the cyber field, a computer science Master programme that covers cybersecurity is ideal.

There are a number of specific technical skills you’ll need to work as a cybersecurity analyst or in cyber-related fields. These include:

  •   application security development
  •   network security
  •   cloud security
  •   risk and compliance auditing
  •   penetration testing
  •   threat intelligence analysis
  •   identity and access management
  •   mobile and remote computing
  •   communication
  •   problem-solving 
  •   leadership
  •   creativity.

Over time, your degree subject will be less important to potential employers as you gain relevant skills and experience that demonstrate your cybersecurity capabilities.Other ways of developing the skills and competencies required is to participate in a cybersecurity bootcamp, or undertake an internship to gain practical work experience.

Do I need cybersecurity certifications?

Whether you’re an entry-level analyst, want to upskill in a specific area to enhance your existing practice or land a certain specialised role, a cybersecurity qualification could be the answer.

Whatever aspect of the cybersecurity field you’re interested in, the following cybersecurity certifications could help:

  • Certified Ethical Hacker Certification, where ethical hacking skills and expertise are used lawfully and legitimately to enhance and assess company cybersecurity
  • CISSP Certification (Certified Information Systems Security Professional), which validates skills related to the design, building and maintenance of secure business environments using globally approved information security standards
  • CISA Certification (Certified Information Systems Auditor), is a globally recognised certification validating skills in the audit, control and security of information systems.

CompTIA Security have compiled a detailed list of other highly regarded, widely accepted cybersecurity certifications. There are online options, full-time and part-time learning models, practitioner-led and self-guided options available, depending on your needs and current commitments.

What is the average salary of a cybersecurity analyst?

With demand for specialists soaring in recent years, cybersecurity can be a lucrative career path with great job security.

The cybersecurity analyst salary varies depending on type of industry, specific job requirements, job location, and individual skills and experience. According to Prospects, starting salaries average between £25,000-£35,000, experienced and senior analysts earn upwards of £35,000 and in excess of £60,000, and managerial and leadership roles can command upwards of £70,000 on average.

Gain the specialist skills to design, implement and monitor IT security measures

If you’re thinking about a fast-paced and rewarding cybersecurity career, develop the expertise and skills to succeed with the University of York’s online MSc Computer Science with Cybersecurity programme.

Our flexible, 100%-online course has been designed for individuals without computer science or information technology backgrounds. You’ll gain an in-depth and solid understanding of computing fundamentals, including computer systems and network infrastructure, protocols, programming techniques and languages – including Python – and data analytics. Alongside this, specialist modules in security engineering will cover cryptography, access management, password protection, safeguarding against cyber threats, memory and resource management, incident response planning, and more.

What is cryptography?

Modern cryptography is a process used to keep digital communications secure, ensuring that only the intended senders and receivers of data can view the information.

This is achieved by using cryptographic algorithms and keys, and includes a few key steps:

  1. The user’s original information – known as plaintext – is encrypted into something called ciphertext, which will be indecipherable to anyone except the message’s intended recipients. 
  2. The encrypted message is then sent to the receiver. Even in the event of interception by an unintended recipient, the cryptographic algorithms will safeguard and protect data. 
  3. Once received, a key is used for decryption, enabling  the receiver to access the original message.

Why cryptography is important

It’s clear that cryptography provides vital data security, and this has become increasingly important in today’s interconnected world where data flows non-stop across devices and networks, and the confidentiality, integrity, and authenticity of information has become paramount.

“Cryptography is one of the most important tools businesses use to secure the systems that hold their most important data assets,” writes Forbes in a 2021 article about cryptography. “Vulnerabilities resulting from an absence of cryptography or having noncompliant crypto and unmanaged public key infrastructure (PKI) lead to business disruptions, data breaches and brand erosion. The average cost of a breach in the U.S. is $8.6 million, according to IBM and the Ponemon Institute, and mega-breaches can surpass a whopping $1 billion.”

Understanding the difference between cryptography and encryption

Cryptography and encryption are closely related terms, but they refer to distinct concepts. Cryptography has a broader scope, including the entire field of techniques and methods for securing information. Encryption, on the other hand, is a specific method  used within cryptography to transform data into an unreadable format for unauthorised users. 

Types of cryptography

  • Symmetric cryptography. In symmetric cryptography, the same secret key – shared by the sender and the recipient – is used to encrypt and decrypt. The single key method is efficient for securing data, but securely exchanging the secret key between parties can present a security challenge.
  • Asymmetric cryptography. Asymmetric cryptography, or public key cryptography, uses two different keys. The first is a public key, which is accessible to anyone, and the second is a private key, which is kept secret by its owner. Asymmetric cryptography and public key encryption eliminate the need to exchange secret keys, but are more computationally intensive than symmetric cryptography.
  • Hash functions. Hashing algorithms that don’t require a key. For example, they’re used for verifying passwords.

How is cryptography used in digital security?

Cryptosystems have several key applications, including:

  • Safeguarding sensitive information. Cryptography is used to encrypt sensitive data, such as credit card details and digital currencies and cryptocurrency, during transmission and storage. 
  • Enabling authentication systems. Cryptographic techniques ensure the authenticity of messages and the identity of the sender. This helps in verifying the legitimacy of the sender and detecting any tampering with the message. Cryptography also prevents non-repudiation, ensuring that the sender of a message cannot deny their involvement in sending it, because digital signatures provide evidence that the message was indeed sent by the claimed sender.
  • Protecting data integrity. Cryptography ensures that data remains unchanged during transit by generating what’s known as a hash value, which is a fixed-size string derived from the original data. Any alteration to the data will result in a different hash value, alerting the recipient to potential tampering.
  • Securing communications. Cryptography provides secure communications, particularly on websites. For example, SSL (secure sockets layer) and TLS (transport layer security) ensure that data exchanged between a user and a server remains confidential.

Cryptography: examples

Common examples of cryptography algorithms and systems include:

  • Advanced Encryption Standard (AES). AES, a symmetric encryption algorithm, is widely used to secure sensitive information. It’s employed in various ways, from securing banking transactions to protecting classified government documents.
  • RSA (Rivest-Shamir-Adleman). A prominent asymmetric encryption algorithm, RSA is often used for secure key exchanges and digital signatures on the internet.
  • Diffie-Hellman Key Exchange. The Diffie-Hellman method enables the secure exchange of cryptographic keys over an insecure channel.
  • Data Encryption Standard (DES). DES is a symmetric key cryptography algorithm that encrypts chunks of data in what’s known as a block cipher.
  • Digital Signature Algorithm (DSA). DSA algorithms are used to generate and authenticate digital signatures. 
  • Elliptic Curve Cryptography (ECC). ECC can create asymmetric keys more efficiently than RSA algorithms.

The future of cryptography

The future of cryptography is in quantum cryptography, with the hope it provides unhackable data encryption. But while quantum computing can be used in aid of cryptography, it’s can also be used against it:

“Quantum computers use a different computing architecture that can solve certain types of problems much faster than classical computers, including the mathematical problems used in some encryption methods,” explains Forbes. “As such, quantum computers have the potential to render current encryption methods vulnerable to attack, compromising the security of sensitive data. Thus, the threat becomes real when more powerful quantum computers are developed in the future, which could defeat commonly used encryption systems.”

Experts believe that some cyber criminals are already storing encrypted data now in the hopes of decrypting it once they have access to more powerful quantum computers in the years to come:

“It’s becoming increasingly common for data thieves to steal and store data until more powerful computers can decrypt it and present opportunities for espionage, blackmail or sale in the future.”

Build secure cryptosystems with a career in cybersecurity

Develop your expertise in cryptography with the 100% online MSc Computer Science with Cyber Security from the University of York. This flexible Masters degree is aimed at working professionals and graduates from other disciplines who want to build a career in computer science and cyber security.

In addition to cryptography, you will explore a range of other cyber concepts and solutions such as memory and resource management, password protection, and denial of service attacks (DoS). You’ll also learn about programming techniques, computer and network security infrastructure and protocols, security risks and security engineering.

Cloud computing: security risks and security measures

Advances in cloud computing have revolutionised the ways in which businesses can operate. From data gathering and storage to interconnected, convenient working to fast scalability, they offer huge advantages that streamline processes, support flexible and sustainable growth, improve customer experiences, and boost competitiveness – among many others.

However, with more and more organisations relying on cloud-based technologies to conduct business – an estimated 94% of enterprises use a cloud service – it’s imperative that leaders invest in securing their systems against cyberattacks and other threats.

With cybercrime rates growing in tandem with widespread cloud adoption – tech giant Microsoft reportedly detects 1.5 million attempts a day to compromise its systems – companies are on the look-out for talented computer science and cybersecurity specialists who can help safeguard their assets.

What are the main security risks of cloud computing?

As well as being expensive, disruptive to business operations and damaging to brand reputation, cloud hacks can result in compromised confidential data, data loss and regulatory compliance failure. 

Whether it’s a public cloud, private cloud, multi-cloud or any other type, understanding the risks and security threats associated with cloud applications as a whole is critical. After all, an awareness of common risks ahead of time will help digital teams to better prepare for any eventuality.

Here are some of the most common security risks associated with cloud-based operations:

  • Unmanaged attack surface. The move to the cloud and an increase in remote work have fragmented attack surfaces, making it easy for attackers to find unmanaged assets with critical exposures. Each new workload that connects with these public networks presents a new, unmanaged attack surface.
  • Data breach. Data is the primary target of most cyberattacks – for example, internal documents that could sabotage a company’s stock price or cause reputational damage, and personally identifiable information (PII) and personal health information (PHI) which can lead to identity theft. Data breaches involve sensitive information being taken or compromised without the knowledge or permission of the owner.
  • Misconfiguration. Cloud service providers (CSP) – such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud and IBM Cloud are numerous and diverse, with many organisations choosing to use more than one. This can bring with it a degree of risk, as different default configurations and implementations can lead to critical system vulnerabilities – which cybercriminals and hackers will exploit.
  • Human error. Human error can present a huge risk when building any business application, and ever more so in relation to hosting cloud resources. In fact, Gartner estimates that by 2025, 99% of all cloud security failures will result from some degree of human error. For example, users may use unknown or unmanaged application programming interfaces (insecure APIs), inadvertently creating holes in cloud perimeters and leaving networks and sensitive data resources open to attack.

There are, of course, any number of other security risks and cloud security threats: denial-of-service (DoS) attacks, malware, phishing, data leakage, cloud vendor security risk, unauthorised access, insider threats, limited visibility of network systems and many more.

How can cloud security issues be managed?

While risk cannot be completely eliminated, it can certainly be managed.

As well as choosing a cloud service provider wisely, the following risk management and risk assessment strategies will help reduce the risks associated with using cloud environments:

  • Cloud penetration testing. Proactive testing is an effective method to assess the cloud’s current security measures by attempting to exploit vulnerabilities. It may also indicate areas for improvement ahead of a real attack, such as reinforcing a firewall or boosting other security software.
  • Data security audit. How often are routine security audits conducted? Complete transparency regarding cloud security measures – including how effective they are at protecting personal data and files and how they are implemented – is key.
  • Contingency planning. Is a business continuity plan in place that details a strategy for protecting cloud data and systems in the event of an emergency – and how often is it tested? Are there regular backups of cloud storage? Emergencies will vary but should include events such as natural disasters and catastrophic cyberattacks.
  • Security training. Can your CSP provide training to help upskill staff and protect against potential security risks? Team members who understand how their employer’s cloud storage and data management system works – and what the best practices are, such as enabling two-factor authentication and limiting access controls – will be better prepared to avoid attacks on their personal data, information and files.

Organisations should not be scared of using cloud software, but they should understand the risk and ensure the right risk management strategies are in place. From this strong position, they can maximise the benefits of transformational cloud technologies and use them to drive the business towards its goals.

Where can I learn more about good cloud security?

IT and cybersecurity professionals can find out more about how to implement robust cloud security from three key international frameworks.

The International Organization for Standardization (ISO) provides checklists that can help with establishing new cloud systems and cloud infrastructure.he National Institute of Standards and Technology (NIST) presents new system frameworks and supports troubleshooting of specific problems. Cloud Security Alliance (CSA) offers operational standards and resources for auditing and vetting systems.

Stay ahead of the latest security measures and developments to protect against cybercrime

Want to learn to develop and implement effective security controls to help organisations protect their assets and remain compliant?

Gain key understanding of computational thinking – and develop specialist understanding of cybersecurity challenges and solutions – with the University of York’s online MSc Computer Science with Cyber Security programme.

If you’re ready to switch to a career in the computer science and cybersecurity sector and develop skills and expertise applicable to almost any industry, our flexible course is the ideal choice for you. You’ll become adept at problem solving and addressing critical, real-world scenarios as you advance your knowledge of software, hardware, artificial intelligence, digital infrastructure, network systems, data science and data security.

What is infrastructure security in cloud computing?

Society’s pivot towards cloud computing environments for work and personal use has occurred at pace over recent years. With work migrating to the cloud and businesses adopting a cloud-first approach to wider operations more generally, our reliance on cloud applications grows by the day.

Business leaders and computer science specialists must ensure that adequate cloud computing security is prioritised amid these rapid technological advances and transitions. It’s a concern for many, with 75% of businesses and 68% of cybersecurity experts pinpointing misconfigured cloud infrastructure as the top security threat.

What is cloud infrastructure security?

The aim of cloud infrastructure security is to protect cloud-based assets from cybersecurity threats. There are a number of challenges presented by modern cloud computing – from regulatory demands to inconsistent and patchy security policies – which cloud security frameworks make it simpler and easier to address.

Despite this, traditional tools and methods of network security still create critical gaps and vulnerabilities that hackers can leverage. Some of the key security challenges and risks associated with cloud networks include:

  •         data breaches
  •         visibility
  •         migration of dynamic workloads
  •         misconfigurations
  •         unsecured APIs
  •         access control/unauthorised access
  •         securing the control plane
  •         security compliance and auditing
  •         end user error and lack of security awareness.

The nature of cloud systems is that they are dynamic; cloud resources can be particularly short-lived, with many being created and deleted multiple times each day. As a result, each individual ‘building block’ in a cloud network must be robustly and systematically secured – though it is made more complicated by working practice shifts such as bring-your-own-device (BYOD) and remote working.

Cloud data is primarily stored in public cloud and private clouds, although other cloud strategies – such as multi-cloud and hybrid cloud – are also popular. There are four main cloud computing service models: infrastructure as a service (IaaS), software as a service (SaaS), platform as a service (PaaS), and serverless.

What are the components of cloud infrastructure security?

There are at least seven basic components that make up a typical cloud environment and underpin infrastructure security.earning the best practices of each can help to secure each individual element against security threats:

  1. User accounts. User service accounts provide access to certain areas of critical cloud infrastructure.If compromised, hackers can gain access to sensitive data across the cloud network. These new accounts often feature default settings with little or no authentication processes. Identity and access management (IAC) tools can help to reinforce security by tightly controlling account access and authentication, cloud configuration monitoring can auto-detect unsecured accounts, and account usage as a whole can be monitored to detect real-time unusual activity.
  2. Servers. While cloud settings are rooted in virtualisation, physical hardware (including on-premises physical servers, load balancers, routers and storage devices) is still required behind the scenes, in different geographical locations. Maximising server security relies on controlling inbound and outbound communications – as well as encrypting communications – using SSH keys, and minimising access privileges.
  3. Storage systems. Abstracted storage systems and virtualised resources can use automation for scaling and provisioning requirements. Common security measures related to cloud storage include removing unused data, blocking access where it is not required, classifying data by its sensitivity, using identity and access management (IAM) systems, identifying and tracking connected devices, and using cloud data loss prevention (DLP) tools.
  4. Networks. Cloud services and systems can make use of public networks and virtual private networks (VPNs) – known as a VNet in Azure and a VPC in Amazon. Best practices for networks include using security groups and Network Access Control Lists (ACL) to limit network access, establishing firewalls to detect malware and other suspicious activity, and deploying cloud security posture management (CSPM) tools.
  5. Hypervisors. All cloud systems are based on hypervisors, making it possible to run multiple virtual machines with separate operating systems. For organisations using private cloud systems, securing hypervisors is a critical responsibility. This means hardening, patching, isolating and physically securing any machines that use hypervisors to data centers. Additionally, securing hardware caches, monitoring development and testing environments and controlling access is required.
  6. Databases. Cloud databases – together with the applications and cloud servers they are linked with – are vulnerable to data breaches as they are easily exposed to public networks. Any database security strategy should include limiting network access, enabling database security policies, locking down permissions, ensuring end user device security, and hardening configuration and instances.
  7. Kubernetes. All cloud computing layers need to have protective defences in place. Kubernetes, an open-source system that supports containerised applications, states that there are four key areas where security controls must be in place: code, containers, clusters and cloud.

If not properly configured and reinforced by best practice, each component can present an attack surface for cybercriminals to target.

What’s next for cloud infrastructure security?

If there’s one certainty in the cloud security space, it’s that its constant evolution demands that business leaders and providers stay on top of developing trends and threats.

Experts predict an increasing focus on the use of cloud forensics and incident response, allowing cybersecurity specialists greater visibility over, and faster response to, multi-cloud, serverless and container-based threats. Any tools and strategies that support process automation and simplification are also welcomed, and considered fundamental in addressing skills gaps in the digital security space and reducing cloud complexity. Throughout this evolution and beyond, security teams must prioritise proactive vigilance in order to effectively protect systems and assets, and manage use and scalability sustainably and securely.

Learn how to develop and implement impactful, effective cybersecurity solutions

Are you thinking about switching careers and joining the in-demand cybersecurity and data protection sector?

If so, you can gain essential computational thinking skills – together with an in-depth, practical understanding of safeguarding against cyberattacks – with the University of York’s online MSc Computer Science with Cyber Security programme.

Designed specifically for individuals from non-computing backgrounds, our flexible, 100%-online course covers a comprehensive range of topics to develop your skills and expertise including programming, network and IT infrastructure, system architecture and data science. In addition, you’ll gain in-depth understanding of the cybersecurity space – studying topics such as cryptography, cloud security, memory and resource management, access management auditing, data security and password protection – and applying cyber solutions to real-world problems.

What is IoT security?

The Internet of Things (IoT) refers to ‘the concept of connecting any device that has an on/off switch to the Internet and other connected devices’. This huge wireless network of internet-connected devices and people enables data collection and sharing on a vast, global scale, encompassing both how electronic devices are used and how users interact with environments. The IoT includes smart devices – the common, physical objects connected within the IoT ecosystem via Wi-Fi or Bluetooth – such as smart watches, smartphones, smart vehicles and smart home appliances.

However, while IoT provides convenience and accessibility on a colossal scale, it also brings with it a great number of risks. Without sufficient protection, IoT devices that are allowed to connect to the internet can be susceptible to various critical vulnerabilities and exploitations – a fact businesses and service providers must be aware of if they are to protect against security risks.

What is IoT security and why is it important?

The ever-expanding number of pathways between IoT systems and devices creates a greater capacity for ‘threat actors’, such as cybercriminals and hackers, to intercept and interfere with digital technologies. Cyberattacks are a matter of national and international security, as businesses and individuals who fall victim to cybercrime risk having their identities, money, data or other properties stolen.

Issues of cybersecurity and cybercrime continue to pose critical threats to organisations and individuals across the world, as recent statistics illustrate.

  • The average cost of a single ransomware attack is $1.85 million – and cybercrime will cost companies worldwide an estimated $10.5 trillion by 2025.
  • The rate of detection or prosecution of cybercriminals is as low as 0.05%.
  • 43% of cyber attacks are aimed at small businesses, but only 14% are sufficiently prepared to defend themselves.

Such attacks have the potential to disrupt usual business operations, cause damage to important assets and infrastructure, lead to extortion, and demand a huge amount of budget and resources to remedy – resources many businesses simply do not have.

IoT security, therefore, refers to the broad range of strategies, protocols, techniques and actions used to mitigate the increasing risk of threats all modern businesses face. It aims to secure IoT devices and connected networks and operating systems from threats and breaches by protecting, identifying and monitoring risks across all attack surfaces, as well as assisting to resolve security weaknesses.

What are the main security issues facing IoT systems?

According to the National Crime Agency, the most common attack types include: hacking, phishing, malicious software and distributed denial of service (DDoS) attacks. Security threats are as numerous as they are creative, and their exact nature can vary across industries and the types of device, use cases and systems under threat. For example, the healthcare sector relies on IoT devices that feature some of the highest share of security issues, such as medical imaging systems, patient monitoring systems, and medical device gateways. Other key contenders across other industries include energy management devices, IP phones, consumer electronics, printers and security cameras.

The most common IoT security threats can be divided into three main categories.

  1. Exploits, accounting for 41% of threats: examples include network scans, remote code executions, command injections, buffer overflows, SQL injections and zero-days.
  2. Malware, accounting for 33% of threats: examples include worms, ransomware, backdoor trojans and botnets (such as Mirai).
  3. User practice, accounting for 26% of threats: examples include password vulnerabilities, phishing and cryptojacking.

In practice, these threats are often due to:

  • weak, guessable or hardcoded passwords
  • insecure network services
  • insecure ecosystem interfaces
  • lack of secure update mechanisms
  • use of insecure or outdated components
  • insufficient privacy protection
  • insecure data transfer and storage
  • lack of device management
  • insecure default passwords and settings
  • lack of physical hardening.

Fortunately, there are a whole host of real-time security measures organisations can adopt and implement to protect their network-connected systems, assets and workforces.

What are the most important IoT security solutions?

IoT security is often described as ‘the backbone of the internet’. Threats, challenges and IoT attacks are real and require the immediate attention of all businesses. IoT system vulnerabilities and threats keep mutating – so our security solutions must do the same.

If effective and lasting solutions to security threats are to be developed and implemented, organisations must take into account the entire IoT security lifecycle: understand IoT assets, assess IoT risks, apply risk reduction policies, prevent known threats, and detect and respond to unknown threats.

With this knowledge and insight in place, cybersecurity professionals can begin rolling out IoT security best practices including:

  • tracking and managing all devices
  • conducting patching and remediation efforts
  • updating passwords and credentials
  • using up-to-date encryption protocols
  • conducting penetration testing and evaluation
  • understanding the endpoints
  • ensuring segmentation of networks
  • enabling multi-factor authentication.

These are just some of the many methods that can reinforce IoT device security. Using specialist software and tools, such as Microsoft Defender for IoT, is another option organisations can also invest in for more comprehensive coverage.

Gain the skills to protect against cyberattacks and enforce network security

Develop key computational thinking skills – and learn how to safeguard systems against cyber security challenges, threats and techniques – with the University of York’s online MSc Computer Science with Cyber Security programme.

Designed for individuals who don’t have a computing or IT background, our 100% online, flexible course equips you with the knowledge, skills and understanding to move into a career in the computer science sector. You’ll develop a keen theoretical and practical understanding of programming techniques, computer and network infrastructure, security risks and security engineering, and explore cyber concepts such as cryptography, cloud security, memory and resource management, password protection and DoS. Every aspect of your learning will have critical, real-world application, and you’ll be supported by experts in the field throughout your online studies.

Choose from modules including security engineering, advanced programming, cyber security threats, artificial intelligence and machine learning, algorithms and data structures, and much more.

Understanding the UK’s central government

The United Kingdom operates under a governance system that includes both a central government and devolved governments. While the devolved governments – Scotland, Wales, and Northern Ireland – have their own areas of authority, the central government plays a crucial role in high-level decision-making in England and across the entirety of the United Kingdom. 

What is the central government of the UK?

The central government of the United Kingdom is the overarching authority responsible for managing the nation’s affairs as a whole. It is based primarily in Westminster, London, where key governmental functions are carried out.

The central government includes:

There are also two additional public sector categories in the UK.

  • Local government includes regional authorities, local authorities and parish councils, and delivers local services.
  • Public corporations are managed by either the central government, a regional government, a local authority or a parish council.

The central government, meanwhile, works with devolved governments, local governments, and public corporations to ensure the well-being of the entire UK population.

Who controls the UK’s central government?

The UK’s central government is managed by the elected representatives of the people.

The ultimate authority rests with the UK Parliament, which consists of two houses.

  1. House of Commons
  2. House of Lords

Members of Parliament (MPs) from different political parties are elected by the public to the House of Commons, and they play a vital role in scrutinising and enacting legislation.

The Prime Minister, who is the head of the UK government and appoints ministers to its Cabinet, is typically the leader of the political party commanding a majority in the House of Commons.

What does the UK’s central government do?

The central government in the UK manages a number of critical tasks, including:

  • setting, implementing and administering government policy
  • enacting laws and legislation
  • managing the economy
  • overseeing national security
  • delivering essential government services in areas such as health and social care, education, transportation, defence, justice and the environment
  • safeguarding the nation’s values and principles.

The main responsibilities of the UK’s central government

Central government has a number of responsibilities, though there are four main areas of primary importance.

Governance and decision-making 

Central government represents the interests of the entire United Kingdom, overseeing the functioning of local government authorities and ensuring consistency in the application of policies and regulations. It also makes high-level decisions in international affairs, such as negotiating treaties and maintaining diplomatic relations with other countries.

Service provision

The central government is responsible for providing essential public services. This includes healthcare through the National Health Service (NHS) in England, education through the Department for Education (DfE), law enforcement through the Home Office, and pensions through the Department for Work and Pensions (DWP). 

Civil administration

The central government employs the UK’s Civil Service – the impartial body which supports the day-to-day operations of government departments and implements their policies.

Policy work 

The central government develops policies aimed at addressing various challenges faced by the nation, and aims to enhance the UK’s quality of life, its social, economic, and environmental outlook, and so on. This policy work begins by assessing the needs of the country and its citizens and then building strategies that address these needs. Once policies are established, the government then delivers their implementation through legislative and executive actions.

Examples of central government in the UK

The Cabinet Office

The Cabinet Office is an important arm of the UK’s central government, created to support the Prime Minister as well as the effective running of government.

According to the Cabinet Office, its responsibilities are varied, including:

  • developing, coordinating, and implementing policies
  • supporting the National Security Council and the Joint Intelligence Organisation
  • coordinating the government’s response to crises and managing the UK’s cyber security
  • finding efficiencies through innovation, procurement and project management, and new ways to deliver services
  • making government more transparent
  • managing the Civil Service
  • overseeing political and constitutional reform.

The Cabinet Office also oversees the Government Digital Service team, which manages the public information website. 

The Home Office

The UK’s Home Office is a ministerial department tasked with keeping its citizens safe and the country secure. It oversees:

  • immigration and passports
  • drugs policy
  • reducing and preventing crime
  • fire prevention and rescue
  • counter-terrorism measures
  • police services.

According to the Home Office, the department’s main priorities as of June 2023 are:

  • cutting crime, including cyber-crime and serious and organised crime
  • managing civil emergencies
  • protecting vulnerable people and communities
  • reducing terrorism
  • controlling migration
  • providing public services and contributing to prosperity
  • maximising opportunities arising as a result of the United Kingdom leaving the European Union.

The Department of Health and Social Care (DHSC)

The Department for Health and Social Care is responsible for developing and implementing policies around health and social care services across England. It also supports the three devolved nations to a lesser degree, with Scotland, Wales, and Northern Ireland each having their own health services.

To achieve its aims, the DHSC collaborates with healthcare professionals, county councils and other local government bodies, health researchers and other stakeholders to ensure the effective delivery of healthcare across the population.

The DHSC’s focus includes improving access to quality healthcare, addressing health inequalities and advancing the government’s commitment to achieving net zero emissions in the health and social care sector.

Advance your career in the public sector

Enhance your skill set and increase your career opportunities in the public and nonprofit sector with the University of York’s 100% online MBA Public Sector Management. This flexible MBA programme has been designed for early-career and mid-career professionals in nonprofit, public, and government organisations seeking to progress their careers.

You will develop the skills and knowledge needed to work in fast-paced, change-driven environments, navigate complex policy contexts, and enhance performance – all while sustaining public service values. Key modules cover topics such as management strategy, financial resources, leading change, policy analysis, public-private partnerships and ethical social leadership.

What is network security?

Network security is the term used for the collection of policies, practices, and technologies that are used to protect computer networks – and the data they transmit – from unauthorised access, misuse or disruption.

Network security works to secure both the physical and virtual components of a network – including routers, servers, gateways, wireless networks, and other devices connected to the network infrastructure – from threats and breaches.

In an interconnected world where information flows seamlessly between devices and networks, network security has become a fundamental tool for protecting against cyber threats.

Why is network security important?

Network security is one of the most effective tools available in the fight against hackers and other cybercriminals. And, with technology central to most of our daily activity, network security is now a critical consideration in all digital development. Network security works to:

  • Protect sensitive data. Network security safeguards sensitive information such as financial data, personal records or intellectual property from unauthorised access and disclosure, ensuring privacy and confidentiality.
  • Mitigate financial loss. Effective network security measures help prevent financial losses – including penalties and fines – resulting from data breaches. These measures can also prevent the financial losses that arise from disruptions to business activities, operations, or services.
  • Preserve organisational reputation and trust. A breach in network security can severely damage an organisation’s reputation, eroding trust among customers and stakeholders.
  • Ensure regulatory compliance. Many industries have specific regulations regarding data protection and security. Implementing network security measures helps organisations comply with these regulations and avoid legal consequences.
  • Maintain business continuity. Network security measures such as backups and disaster recovery plans can ensure the continuity of operations and minimise downtime in the face of security incidents.

Common threats to network security

Network security systems may face a range of threats and cyber attacks that aim to exploit vulnerabilities, gain access to networks and data or disrupt network operations.

Understanding these threats is the first step towards implementing effective network security measures.

Common threats include:

  • Phishing. Phishing attacks trick users into revealing sensitive information such as login credentials or financial details by posing as legitimate entities via email or deceptive websites.
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS). DoS and DDoS attacks overwhelm network resources, rendering services inaccessible and causing widespread disruption. These are targeted attacks that flood a system with traffic in an effort to crash it and make it inaccessible to legitimate users.
  • Malware. Malicious software including viruses, worms, and ransomware, can infiltrate systems and compromise network security, leading to data breaches and system damage.
  • Unauthorised access. Hackers can exploit weak access controls or vulnerabilities to gain unauthorised entry into networks, potentially compromising sensitive data or launching further attacks.

Common network security measures

There are many types of network security measures, and network security systems will typically employ a variety of them to fortify defenses and mitigate potential risks. 

  • Firewalls. Firewalls act as gatekeepers within a network. They monitor and filter incoming and outgoing network traffic based on predefined security rules, prevent unauthorised access to the network and protect it against potential threats.
  • Intrusion detection systems (IDS). Intrusion detection systems alert organisations when suspicious activity is detected within a network.
  • Intrusion prevention systems (IPS). Intrusion prevention systems work to block malicious activity.
  • Virtual private networks (VPNs). VPNs establish secure, encrypted connections over public networks, ensuring confidentiality and privacy for remote access and communication.
  • Antivirus and anti-malware software. These tools detect, prevent, and remove malicious software such as viruses, Trojans, spyware, ransomware and other threats to network security.
  • Data loss prevention (DLP) tools. DLP solutions monitor and control sensitive information. In doing so, they can prevent unauthorised disclosure, ensure regulatory or legal compliance, and minimise data breach incidents. 
  • Network access controls. Network access is an important area of network security. It encourages strong authentication mechanisms such as passwords, multi-factor authentication or biometrics to verify an authorised user’s identity and grant appropriate access privileges within the network.
  • Security policies. Comprehensive security policies outline important areas of internal network security such as guidelines for acceptable use, data handling, email security, password management and security awareness training for employees.
  • Network segmentation. Network segmentation divides networks into isolated segments. Doing so limits the potential impact of a security breach because it prevents unauthorised movement within the wider network.
  • Endpoint security. Endpoint security ensures that network endpoints such as computers, laptops and mobile devices have up-to-date antivirus software, regular patches and secure configurations.
  • Application security. Application security works to safeguard individual organisational apps for providers.
  • Encryption. Encryption protects sensitive data from unauthorised interception and maintains its confidentiality during transit and storage.
  • Behavioural analytics. Behavioural analytics are a proactive network security measure. They assess network traffic and user behaviour to detect anomalies and potential security threats, ensuring that issues are identified and addressed as soon as possible. 

The future of network security

As cyber threats continue to evolve, so too must the technologies, processes and network security solutions that network administrators use to address them. This includes:

  • Regularly updating security controls.
  • Staying informed about emerging vulnerabilities and best practices.
  • Harnessing new technologies, such as artificial intelligence-powered security information and event management (SIEM), as they become available.

Network security must continue to advance in line with new and emerging cyber security threats. This means keeping up with and using the latest technologies such as those in artificial intelligence, machine learning, deep learning and automation, so those responsible for information systems are well prepared to manage threats of the future.

Keep networks secure with a career in computer science

Break into the cyber security sector with the 100% online MSc Computer Science with Cyber Security from the University of York. This flexible Masters degree is aimed at working professionals and graduates from other disciplines who want to build a career in computer science and develop expertise in cyber security.

Explore programming techniques, computer and network infrastructure and protocols, security risks, and security engineering alongside a range of cyber concepts and solutions. You will also develop an understanding of typical cyber threats and a range of technologies that can help to reduce risk, increase protection, and remain compliant.

How does social structure affect international business?

The number of companies operating internationally is increasing, with many UK businesses setting their sights on global trade despite an uncertain economic outlook. Airwallex – a financial technology platform that supports businesses with their expansion efforts – reports that 70% of UK small-medium enterprises (SMEs) plan to scale internationally in 2023.

Globalisation has given rise to international trade and global business partnerships, connecting companies and consumers across geographical, political, social, economic and cultural boundaries. Those operating in our global marketplace – with its vast web of multinational stakeholders, including employees, supply chain contacts and policymakers, customers, business partners and investors – must understand that society and culture has an impact on every aspect of overseas business.

How does social structure affect business?

How organisations construct, coordinate and engage with their workforces, business activities and wider marketplaces is closely linked to social structure. The impacts can be far-reaching, from how they interact with their environments to the values that drive and shape their work.

The social structures and contexts businesses operate within can have significant impact – whether positive, negative or neutral – on a host of aspects.

  • Cohesion – how do businesses maintain identity and structure while balancing internal and external pressures?
  • Adaptation – how do businesses innovate and integrate in response to changing environments?
  • Hierarchy and power relations – how do businesses handle questions of autonomy, power management, resource allocation, negotiation and organisational models?
  • Conflict – how do businesses seek to address organisational blockages, poor productivity, insecurity, high stress levels, labour disputes or absenteeism?

Decision-making across each of these axes has subsequent impacts on any number of factors, such as social and identity links between employers and employees, communication and communication tools, and the flow of information.

Business leaders and managers must examine and reflect on these – and other – critical issues. Awareness of social structures and how they relate to organisational management is one aspect, but any awareness should be followed up by considered, responsible solutions, where required.

And that’s before the global business dimension is added to the mix.

Why do social factors and structures matter in international business?

The individual social structures and contexts of different demographics, communities, countries and nations all feed into the complex, interconnected space of global business and operations. They play a key role in shaping both macro and micro business practices: how the organisation is managed, what goods and services are produced, how they will be sold, what managerial and operational practices are established and, ultimately, how successful an international venture will be.

Businesses with international and multinational interdependencies must consider the predominant attitudes, values and beliefs of the countries in which they operate if they are to succeed in their business goals and avoid issues and tensions.

Sociocultural factors to be mindful of include:

  • culture
  • language
  • religion
  • education level
  • customer preferences
  • societal attitudes

Sociocultural differences and values impact every aspect of business practice. How do employees like to be managed? Is entrepreneurship encouraged? Are business ethics and social responsibility prioritised? What competencies are valued and rewarded? How is organisational social change received?

If they are to remove barriers to success, operational ease, as well as workplace cohesion and profit, leaders must remain cognisant of these factors. Balancing different social structures and values will support organisations to:

  • create stability, order and a framework in which all stakeholders can interact, cooperate and co-exist
  • understand the complex relationships between different social cultures and structures and their roles
  • predict the behaviours and responses of others
  • share information and resources for collective benefit
  • provide laws, regulations and social norms which support desired behaviours and attitudes
  • establish a sense of identity, belonging, unity and purpose.

This last point is particularly important, as Mark Granovetter – an American sociologist and professor, dubbed the ‘father of social network analysis’ – demonstrates in his Strength of Weak Ties theory. The theory posits that ‘weak ties’, such as those that exist between acquaintances (‘strong ties’, alternatively, are those between close friends) can help to form a bridge between clusters of people – such as disparate groups in the workplace. Novel information, therefore, can then be shared across these clusters, resulting in greater widespread awareness and inclusivity than would occur via people with strong ties.

How can cultural differences be managed by international businesses?

Stereotypes, misunderstanding and ignorance related to different cultures and traditions can lead to disruption, offence, and the inability of some teams to work effectively or handle cross-cultural business dealings.

Effective management of cultural differences is not only the remit of human resource management: it extends to every corner of an organisation and must be embedded in everyday business practice.

Managing cultural differences includes embracing diversity and accommodating differences, promoting open communication, discussing and modelling shared company culture and behavioural norms, rallying teams around shared visions and common causes, and providing training, awareness and leadership of cultural diversity.

What are the current and emerging social issues for international businesses in 2023?

For many business leaders, an unstable social, economic, political and environment backdrop will present as many threats as it does opportunities – and, in turn, may impact existing social structures and frameworks.

Global business insights and thought leadership experts INSEAD Knowledge outline some of the events, contexts and trends for businesses to remain aware of:

  • climate change
  • income and wealth inequality
  • social instability
  • inflation and recession risks
  • geopolitical crises

Adapt to international contexts, challenges and opportunities with ease

Gain a fundamental, in-depth understanding of finance, economics, and the management of complex organisations with the University of York’s online MSc Finance, Leadership and Management programme.

Excel as a financial leader with the skills, knowledge and drive to respond quickly and effectively to changeable financial and business environments. You’ll become adept at developing solutions, seizing opportunities, thinking strategically and leading international businesses to achieve their aims. As well as specialist expertise regarding financial markets and the tools and theories of finance, your flexible studies will cover investment management, asset pricing, financial strategy, operations management and more.

What is mobile security?

Mobile security is the term used for the various measures that protect mobile devices – such as smartphones and tablets, as well as their data and their associated networks – from unauthorised access or other forms of cyberattack.

Mobile device security measures safeguard any sensitive data stored on or transmitted by mobile devices, and have become crucial now that smartphones have become such an integral part of people’s daily lives.

Why is mobile security important?

Smartphones are everywhere, and have become essential for navigating the modern world. Whether it’s completing an online banking transaction or scanning a QR code to order at a restaurant, people are on their phones all the time – and that’s not even factoring in all of the personal and professional communication that happens on mobile devices, from emails and text messages, to social media apps.

It’s clear today’s phones have evolved beyond mere communication devices and are now repositories of personal, financial and professional information. The implications of mobile data breaches can be severe, including identity theft, data loss, loss of device functionality and financial loss. But by prioritising mobile security, individuals and organisations can mitigate these risks and maintain control over their digital lives.

Common threats to mobile security

There are a number of common risks to mobile security, and these can apply to any mobile device regardless of make or model:

  • Malware. Malicious software, commonly referred to as malware, poses a significant threat to mobile security. It can infiltrate devices through compromised apps, infected websites, or malicious links, allowing cybercriminals to gain access to sensitive data or even grant criminals control over the device.
  • Phishing attacks. Phishing is a technique used by cybercriminals to deceive people into revealing sensitive information such as passwords or credit card details. They often do this by disguising themselves as legitimate organisations in emails, SMS text messages, or on fake websites.
  • Public Wi-Fi networks. While convenient, public networks can be insecure and prone to digital eavesdropping. Hackers can intercept data transmitted over these networks, potentially gaining access to usernames, passwords and other confidential information.

There are also threats and scams that are more likely to target particular devices, such as Android or Apple devices.

Common threats to mobile security on Android devices

Android is the most-used operating system across mobile devices worldwide. It’s also a very open system – virtually anyone can create an app for Android, and it’s relatively straightforward to add an app to the Google Play Store. Because of this, Android devices are more susceptible to malicious mobile apps, which can contain hidden malware or gather sensitive data with a user’s knowledge or permission.

Android’s popularity also makes it a lucrative target for cybercriminals who want to exploit vulnerabilities in the operating system to bypass security measures and gain access to private data or control over a device.

Common threats to mobile security on Apple devices

Apple devices are locked down, which means that they’re less open to customisation when compared to products offered by Android, but it also means they’re better protected against cyber threats. Although Apple’s App Store has stringent security measures in place however, malicious apps occasionally manage to slip through. These apps may contain malware or engage in unauthorised data collection.

Another risk is known as jailbreaking. Jailbreaking an iPhone or iPad is often intentionally done by the owner of an Apple product in order to gain access to the device’s operating system and customise its interface or install software that’s unsupported or unavailable through Apple:

“Apple’s ‘walled garden’ approach to its software has always been in contrast to the variety of options provided by the Android OS for customization,” say cybersecurity experts Kaspersky. “A key motivation of many jailbreakers is to make iOS more like Android.”

Doing so, however, can make Apple’s security features more vulnerable and expose the device to security threats.

Common mobile security measures

While there are many threats to mobile security, there are also many safeguards that can protect mobile devices. These include:

  • Security software. There are a variety of antivirus programmes and platforms that can be installed to protect devices and personal data. These programmes typically target a host of common threats such as ransomware and spyware. Most devices also typically have their own built-in security systems that are developed by their providers, such as Microsoft orApple.
  • Authentication and encryption. Strong authentication mechanisms such as PINs, passwords, biometrics, or two-factor authentication add an extra layer of security to mobile devices. Encryption, meanwhile, ensures that data stored on devices or transmitted between devices over networks remains secure and unreadable to unauthorised parties while in transit.
  • Mobile device management (MDM) systems. Organisations can implement MDM solutions to manage and secure corporate-owned mobile devices. MDM enables IT or cybersecurity professionals to enforce security policies, remotely wipe data and control access to sensitive resources. These systems are typically seen as safer than what’s known as bring your own device (BYOD), which allows people to use their own devices for work. BYOD makes things like endpoint security, email security, and application security more difficult for organisations and can potentially expose them to increased risk.
  • Virtual private networks (VPNs). Using VPNs on mobile devices can be effective protection against unauthorised access to the device and its data. This is because VPNs effectively encrypt the connection between the device and the internet.

The future of mobile security

As technology continues to evolve, so do the threats to mobile security. This is why it’s important that individuals and organisations aim to stay one step ahead of cybercriminals, and that mobile security solutions continue to evolve and develop as well.

Ongoing areas of advancement include:

  • Biometric security. Biometric methods of authentication such as facial recognition and fingerprint scanning are already becoming commonplace. They typically offer more secure access to mobile devices because they don’t rely on passwords or PINs that can be shared or stolen.
  • Improved app security. App developers and stores continue to strengthen security measures to prevent the distribution of malicious apps and protect their users’ personal information.
  • Cloud security integration. Mobile devices are increasingly relying on cloud services, a trend that necessitates the robust integration of mobile and cloud security measures to collectively safeguard any data stored and accessed from the cloud.
  • Artificial intelligence and machine learning. These technologies are expected to play a crucial role in detecting and mitigating mobile security threats by analysing patterns, identifying anomalies and proactively defending against attacks.

Build secure mobile networks with a career in cybersecurity

Develop skills in computational thinking alongside an academic understanding of cyber security threats and techniques with the 100% online MSc Computer Science with Cyber Security from the University of York. This flexible Masters degree is aimed at working professionals and graduates from other disciplines who want to build a career in computer science and cyber security.

You will develop an understanding of typical cyber threats and a range of technologies that can help to reduce risk, increase protection and remain compliant. You’ll also explore computer and mobile networks, with discussions around networks and the internet, network architecture, communication protocols and their design principles, wireless and mobile networks, network security issues, networking standards, and related social, privacy, and copyright issues.

Public sector economics

Central government is responsible for controlling and managing the public sector, which exists to meet the needs of the general public and to improve both their lives and wellbeing. Funded by taxpayers, it’s a broad sector of the economy encompassing education, healthcare, social welfare, infrastructure, emergency services, public transportation, government agencies, law enforcement and national defence, as well as all manner of other public goods and services.

Public sector size and scope is largely dictated by the economic and political systems that exist in a given country, and so public sector goods and services can vary considerably between different countries. Its organisations and businesses are not profit-driven – they simply aim to provide essential products and services to the people. One of its overarching aims is the redistribution of resources to minimise economic and social inequalities, for example through social programmes, social security and welfare initiatives, and progressive taxes.

What are the main differences between the public and private sectors?

There are numerous similarities and differences between the public and private sectors. Here is a comparative snapshot of some of the most clear-cut disparities.


Meeting the needs of the population – and enhancing their overall quality of life – is the primary aim of the public sector. While private companies who provide similar services may have various aims, their main driver is profit.

Finance and funding 

Most enterprises in the public sector are funded via public taxes such as income tax and national insurance. In contrast, private sector enterprises must generate their own financial backing – for example, by gaining venture capital or investment, or through the sale of their goods and services.


Private sector firms – which number around 5.5 million – are privately owned, either by firms or individuals, and operate in the free market. They have no link to central or local government and are owned by non-governmental entities. State-owned enterprises, public bodies and businesses are owned by the government.

Service range and availability 

Public goods and services do not offer as wide a variety of options as private businesses are able to, although there is much crossover in terms of the industries found in both sectors.

Public-Private Partnerships (PPPs) 

PPPs are a method through which governments can procure and implement public goods, services and infrastructure using the expertise and resources of private sector companies. For example, incentives for PPPs include where efficiency needs to be improved or facilities are outdated, private organisations can support with finances, technology, labour and fresh ideas and solutions.

What are the pros and cons of the public sector?

The public sector is understandably complex. Meeting the needs of a diverse, multi-generational population who may live very differently is no easy task. As such, there are several advantages and disadvantages associated with it.

Advantages of the UK public sector include:

  • provision of vitally important services – such as education, transportation and healthcare – to every citizen, regardless of social standing, income or other demographic
  • its responsibility and efforts related to developing, maintaining and stimulating economic growth, economic development, and stability
  • employment for millions of people and greater job security than the private sector
  • the charities and non-profits found within the sector that are committed to addressing social issues such as prejudice, inequality, mental health and poverty.

Disadvantages of the UK public sector include:

  • bureaucracy and processes that result in inflexibility, slow response times and an inability to pivot to changing demands
  • exposure to stringent monitoring and restrictions that are barriers to operational efficiency
  • a lack of creativity and reluctance to change, particularly in comparison to the fast-paced, innovative private sector
  • exposure to political will and intervention that lead to politically driven, as opposed to practical, decisions
  • criticism of government spending, budget inefficiencies, and misuse or waste of taxpayer money.

Is the public sector or private sector better for job creation?

Job creation is generally more prolific in the private sector – a result of its ability to offer employment in areas of high demand, and the sector’s flexibility in responding to real-world market trends and customer preferences. Across both sectors, much overlap exists in terms of available industries and job types. However, private sector jobs far outnumber public sector jobs and, as such, greater employment opportunities are found in that sphere.

Both sectors play an important role in terms of employment and job creation. While the private sector is well-positioned and efficient regarding job creation, government spending has greater size and scope. 

The private sector is also critical to a nation’s broader development strategy, and is free to grow and develop as it has thanks to government spending on key products and services such as healthcare, infrastructure, education, research, and financial services. In the context of a stable macro-economy, private enterprises can invest, innovate, trade and increase employment.

What is privatisation of public services?

The Institute for Government defines privatisation as the ‘the sale of publicly owned assets to private investors [who] take on responsibility for operating, managing and investing in the assets – and providing any services that derive from them in return for a fee from users.’ Some common examples of privatisation in the UK include rail networks, mail services, and public utilities such as water, energy and telecoms.

Recently, there have been concerns that other public organisations – most notably the National Health Service (NHS) – may become privatised. For many citizens, this raises worries about access to vital services and the ongoing quality and maintenance of such services.

Help design a public sector that improves societal outcomes

Are you keen to ensure public finance is spent in the right places? Do you want to learn how political economy and economic theory are balanced? Interested in the quality of government service provision, such as public education?

Guide decision making – and boost issues of sustainability, diversity and global citizenship – with the University of York’s online MBA Public Sector Management programme.

Our 100% online course is a good fit for you if you’re passionate about transforming our shared future and ready to take the next step in your career. You’ll grow into a competent, skilled leader – with expertise spanning operations management, public policy analysis, levels of government intervention, ethical social leadership, marketing, economic systems, strategic thinking, and finance and fiscal policy – ready to tackle the complex needs of the public and non-profit sectors.

Understanding the global business environment

The global business environment is a complex one. When businesses operate across national borders to buy, sell, produce or manufacture goods and services in different countries, they are obligated to consider a number of important variables. This includes different:

  • tax systems and tariffs
  • legal requirements
  • regulatory and compliance frameworks
  • social and cultural norms
  • political climates
  • technologies
  • economic and market factors
  • shipping and transport processes

In addition to these considerations, international business management requires organisations to have a solid understanding of the current conversations, trends, issues and challenges that can impact businesses operating in the global market.  

Current topics and challenges in global business


Inflation – the term used to describe rising prices – is one of the biggest issues facing businesses today. As of March 2023, the UK inflation rate had reached 10.4%, a significant rise on the target rate of 2%.

According to the Office for National Statistics (ONS), consumer price inflation in the UK has reached highs not seen in around 40 years.

“Higher tradable goods prices reflect the global recovery from the coronavirus (COVID-19) pandemic, including the effects of imbalances in product and labour markets,” the ONS states. “Food and energy prices have also increased markedly this year, particularly gas prices, largely in response to the conflict in Ukraine.”

The challenge isn’t confined to the UK, though, with the global inflation rate hitting 8.8% in 2022, according to the International Monetary Fund (IMF)

For businesses, high inflation rates can have a number of consequences. For example, they can increase the cost of business operations and reduce purchasing power. However, it’s worth noting that the IMF predicts global inflation will fall to 6.6% during 2023, and then to 4.3% in 2024. 

Global supply chain issues

Many businesses are currently grappling with global supply chain issues, with the supply and shipments of goods unable to keep up with demand, causing global shortages. The supply chain crisis is another challenge exacerbated by the coronavirus pandemic, but other culprits include changes in international trade – Brexit as one example – in addition to shifts in demand and labour shortages.

International business research by J.P. Morgan found that in addition to these problems, there are a number of challenges and risk factors stemming from the Russia-Ukraine conflict and recent COVID-19 lockdowns in China.

  • Air-freight transportation limitations particularly impacts on use of the Asia-Europe lane where planes would typically travel through Russian airspace.
  • Rail freight disruptions issues connected to the overland rail link from China to Europe which passes through Russia.
  • Northern European port congestion – another spillover impact from the Russia-Ukraine conflict. Ships have had to be rerouted causing congestion and leading to delays in cargo flows
  • Manufacturing delays – reduced manufacturing, a truck driver shortage, and other consequences as a result of the recent lifting of COVID-19 lockdowns in China. 

According to KPMG, however, businesses have a number of options to help navigate their way through supply chain issues. These include adopting a flexible business strategy that can adapt by using technology to reduce operating costs and diversify the way customer needs are met, and through implementing responsive fleet management and supply chain networks.

Human resource management

Human resources in an international context is known as global human resources management, and it is a necessity for multinational corporations (MNCs) or any other businesses employing workforces across multiple countries.

Through global human resource management systems, organisations can manage and support their staff by adapting their policies as necessary for different laws and legislation. 

International marketing

As businesses expand into the global environment or other emerging markets, they will need to consider their international marketing strategy.

International marketing enables businesses to effectively promote their goods and services to audiences outside their domestic market. They can adapt to different cultures and languages when building brand awareness in a new territory, and consider outsourcing for cultural expertise in specific regions where needed.

Corporate social responsibility

It has become common practice for a business strategy to include an element of corporate social responsibility (CSR). Corporate social responsibility offers businesses models of how to operate and conduct entrepreneurship in a socially responsible way.

According to Harvard Business School, there are four types of CSR.

  1. Environmental responsibility, which aims to reduce environmentally harmful practices, regulate energy consumption and offset negative environmental impacts.
  2. Ethical responsibility, which focuses on fair practice and business ethics.
  3. Philanthropic responsibility, which aims to make the world and society a better place.
  4. Economic responsibility, which aims to commit to environmental, ethical and philanthropic responsibilities while also maximising profits.


An increasing number of enterprises around the world are introducing sustainability into their business processes and policies to the benefit of both the environment and the business itself. For example, IBM suggests that 80% of consumers say sustainability is important to them and are willing to pay a premium for goods from brands that are environmentally responsible.

There are various metrics businesses can use to assess their sustainability. The World Bank suggests 10 sustainability principles:

  1. Be climate resilient.
  2. Be energy smart.
  3. Be water efficient.
  4. Ensure resource efficiency.
  5. Reduce waste.
  6. Promote sustainable land management.
  7. Eliminate corruption.
  8. Enhance diversity and inclusion.
  9. Ensure staff wellbeing.
  10. Engage and preserve the community.

Mergers and acquisitions

Global mergers and acquisitions are expected to remain strong in 2023. Despite economic uncertainty created by challenges such as the conflict in Ukraine and ongoing supply chain bottlenecks, accounting firms such as PwC suggest there are opportunities for businesses to create new partnerships and take advantage of attractive valuations, lessened competition and new assets coming to market.

Why is it important to understand the global business environment?

Businesses that have a solid understanding of the global economy and international business environment are better positioned to manage challenges and take advantage of new opportunities. A prepared business can: 

  • gain a competitive advantage in the global marketplace
  • secure new avenues for foreign direct investment
  • use evidence to support strong business decision-making
  • implement appropriate risk management measures.

Take an in-depth look at the contemporary topics in global business

Advance your career with the University of York’s flexible Master of Business Administration (MBA). This distance learning degree is taught part-time and 100% online, which means you can learn around your current professional commitments and apply your studies to your existing career. It includes a key module in contemporary topics in global business, focusing on new, relevant, and up-to-date macro and micro business topics. You will also explore how people and processes interact to shape the global business environment while considering the political and economic factors that affect organisations.