In association with
ONCA TECHNOLOGIES
By providing innovative IT advice and solutions for companies across the country, Onca Technologies is blazing new trails in the sector
KURTIS Toy founded Onca Technologies with the aim of helping clients implement a range of IT projects, with a particular focus on cyber security.
He and his team are ideally placed to help clients understand and counter the cyber threat environment.
His expertise is widely recognized and he is the Chief Operating Officer (COO) of the new UK Cyber Centre of Excellence. This is an initiative that aims to assist all local authorities and UK public bodies to stay abreast of cyber threats.
“I have spent a lot of time in the cyber security field. I began building the foundations of Onca back in 2016 when I was working on my second Masters degree in IT and cyber security. I had a number of other projects on the go and we opened our doors in earnest a year ago, with a view to helping a range of businesses.
“In our pre-launch period, we helped a number of small to medium-sized businesses build a range of different IT projects. Then higher value contracts started coming along and we have gained a lot of momentum in recent months,” he says.
Toy points out that while cybercrime is an issue of huge concern to businesses of all sizes, only the biggest companies can afford to hire an experienced Chief Information Security Officer (CISO) full time.
The solution, he says, is for small to medium-sized businesses to think about budgeting for what Onca calls ‘a virtual CISO’ or vCISO.
“Becoming a victim of cybercrime is, unfortunately, an all too common experience for many firms,” he says. Statistics show that some 80% of UK organisations fell victim in one way or another to a successful cyber attack through the period 2021 to 2022.
A vCISO, he explains, is a cyber security expert who takes on responsibility for managing an organisation’s information security on a consultancy basis. Just as a full-time CISO would, the vCISO helps to ensure that the client organisation is in a position to protect its data and technology and to meet its compliance obligations.
Toy points out that breaches and attacks come in a variety of guises and companies can easily miss the fact – at least in the short term – that they have been hacked.
“We came across a client who had fallen victim to a particularly insidious email breach,” he notes. The unfortunate client’s business involved some chunky invoices.
The hackers left the client’s normal email business alone and targeted the recipients of the larger invoices.
They mimicked the style and content of the client’s regular emails and told the client’s customers that the client had changed their bank details.
Naturally, the customer paid to the new bank details, which made the hackers happy and left the client substantially out of pocket. It was a hard one to resolve but Toy says that in this instance, the client had caught it in time and the bank was able to return the funds.
“People do not realise that even straightforward email exchanges can be part of the threat landscape. A vCISO can provide the in-depth knowledge and vision to help companies secure themselves properly, and will help them to develop contingency and business continuity plans,” he says.
Companies need to understand what defence in depth means in their specific circumstances. “This is about far more than simply having anti-virus software and implementing all the patches on your operating systems and applications.
“We are seeing hijack attacks targeting the core data of businesses emanating from state sponsored attacks affecting businesses across the size spectrum, from the smallest to the largest. Businesses need help and we are there to provide it,” he comments.
oncatech.com
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules here