Analysis & Commentary
-
10 JULY 2026
NCSC's Cyber Essentials Pathways Pilot Wasn't Built for SMEs — But Two of Its Findings Are
NCSC's Cyber Essentials Pathways pilot is aimed at large, complex organisations proving alternative controls — not SMEs. But its evidence-over-self-attestation finding and its AI/patching warning land directly on the standard certification route too.
-
19 MAY 2026
FCA, Bank of England and Treasury Issue Joint Warning on Frontier AI Cyber Risk
A joint statement from the FCA, Bank of England, and HM Treasury warns that frontier AI is amplifying cyber threats to regulated firms at speed and scale. GET-IT's March audit of 2,011 UK domains showed precisely the gap they're now pointing at.
-
15 MAY 2026
The Compliance Tailwind: Why the King's Speech Just Changed the Budget Conversation for UK Security Teams
The Cyber Security and Resilience Bill confirms that regulatory obligations are expanding. GET-IT's passive audit of 2,011 UK domains shows most organisations are nowhere near ready — but the remediation is more achievable than boards think.
Forensic Case Studies
The NHS WannaCry Crisis
How the 2017 WannaCry ransomware attack paralysed the NHS, cancelled 19,000 appointments, and exposed the catastrophic cost of poor cyber hygiene.
Read the briefing → RECONNAISSANCEForensic Log: The Scraping Trap
A chronological breakdown of how a public email address was harvested, enriched, and targeted within 7 days of site launch.
Read the log → WORDPRESS HARDENINGWordPress Hardening Case Study
How GET-IT transformed a vulnerable WordPress site into a silent, attack-resistant target — and the forensic proof that it works.
Read the case study →SME Horror Stories
Cybercriminals aren't always trying to outsmart your systems; they are trying to outsmart your team. A fake invoice or a password reset creates just enough panic to bypass logic. Your team isn't careless — they are human, dealing with hundreds of emails while trying to do their jobs. The goal is an architecture where a single human mistake doesn't result in total business collapse.
The "Quiet Tuesday" Breach
A busy employee clicks a "supplier invoice" link. Within hours, financial records are encrypted. This isn't a human failure; it's an architectural one.
95% of breaches start exactly like this.
The Trojan Vendor
A small UK engineering firm was breached specifically to gain a "trusted" bridge into their Tier-1 aerospace client.
1 in 3 SMEs never reopen after the fallout.
The Unpatched Doorway
A VPN server left unpatched for a weekend allowed an automated bot to deploy ransomware at 3:00 AM.
65,000 automated attacks hit UK SMEs daily.
Pax8 Partnership Case Files
The $250k "Evil Twin" Fraud
How a law firm's hijacked email and a single character swap led to a mortgage provider's total financial loss.
Open forensic report → RANSOMWAREThe $750k "Enabled" Invoice
One "Enable Macros" click allowed hackers to read a firm's P&L and demand exactly what they knew the firm could pay.
Open forensic report → IoT VULNERABILITYThe Thermostat Portal
How a private school's "Smart" climate control system became an open door for network-wide malware injection.
Open forensic report →Recent & Notorious Breaches
Jaguar Land Rover Data Leak
A prime example of how third-party provider vulnerabilities expose global manufacturers.
View intel → PAYROLL/GDPRThe M&S / Zellis MOVEit Breach
How one software vulnerability compromised the payroll data of thousands of UK employees.
View intel → EXISTENTIAL THREATKNP Logistics: A 158-Year Legacy Ends
In 2023, a single guessed password brought down a UK logistics giant founded in 1865. Despite 150+ years of history, the lack of robust backups meant the business could not survive 10 days of downtime.
View intelligence →