By providing innovative IT advice and solutions for companies across the country, Onca Technologies is blazing new trails in the sector


KURTIS Toy founded Onca Technologies with the aim of helping clients implement a range of IT projects, with a particular focus on cyber security. 

He and his team are ideally placed to help clients understand and counter the cyber threat environment.

His expertise is widely recognized and he is the Chief Operating Officer (COO) of the new UK Cyber Centre of Excellence. This is an initiative that aims to assist all local authorities and UK public bodies to stay abreast of cyber threats. 

“I have spent a lot of time in the cyber security field. I began building the foundations of Onca back in 2016 when I was working on my second Masters degree in IT and cyber security. I had a number of other projects on the go and we opened our doors in earnest a year ago, with a view to helping a range of businesses. 

“In our pre-launch period, we helped a number of small to medium-sized businesses build a range of different IT projects. Then higher value contracts started coming along and we have gained a lot of momentum in recent months,” he says.

Toy points out that while cybercrime is an issue of huge concern to businesses of all sizes, only the biggest companies can afford to hire an experienced Chief Information Security Officer (CISO) full time.

The solution, he says, is for small to medium-sized businesses to think about budgeting for what Onca calls ‘a virtual CISO’ or vCISO. 

“Becoming a victim of cybercrime is, unfortunately, an all too common experience for many firms,” he says. Statistics show that some 80% of UK organisations fell victim in one way or another to a successful cyber attack through the period 2021 to 2022. 

A vCISO, he explains, is a cyber security expert who takes on responsibility for managing an organisation’s information security on a consultancy basis. Just as a full-time CISO would, the vCISO helps to ensure that the client organisation is in a position to protect its data and technology and to meet its compliance obligations.

The Herald:  

Toy points out that breaches and attacks come in a variety of guises and companies can easily miss the fact – at least in the short term – that they have been hacked.  

“We came across a client who had fallen victim to a particularly insidious email breach,” he notes. The unfortunate client’s business involved some chunky invoices. 
The hackers left the client’s normal email business alone and targeted the recipients of the larger invoices. 

They mimicked the style and content of the client’s regular emails and told the client’s customers that the client had changed their bank details. 

Naturally, the customer paid to the new bank details, which made the hackers happy and left the client substantially out of pocket.  It was a hard one to resolve but Toy says that in this instance, the client had caught it in time and the bank was able to return the funds.  

“People do not realise that even straightforward email exchanges can be part of the threat landscape. A vCISO can provide the in-depth knowledge and vision to help companies secure themselves properly, and will help them to develop contingency and business continuity plans,” he says. 

Companies need to understand what defence in depth means in their specific circumstances. “This is about far more than simply having anti-virus software and implementing all the patches on your operating systems and applications. 

“We are seeing hijack attacks targeting the core data of businesses emanating from state sponsored attacks affecting businesses across the size spectrum, from the smallest to the largest. Businesses need help and we are there to provide it,” he comments.