Mohammad Ali Khan
Mohammad Ali Khan
Mohammad Ali Khan is the founder and director of Pacific Technology Group, a London-based cybersecurity and IT governance consultancy. With over 15 years of experience in IT infrastructure, security operations, and managed services, he advises UK organisations on cyber resilience, identity security, disaster recovery, and AI governance. Mohammad leads PTG's advisory practice across regulated sectors including legal, financial services, healthcare, and education.
Articles by Mohammad
UK Directors Face Personal Liability for Cyber Failures
The Cyber Security and Resilience Bill removes the 'ignorance defence' for UK directors, introducing personal liability for cyber governance failures alongside NIS2 and financial services regulations.
Read article →
Smart Factories Create Perfect Storm for OT Cyberattacks
Manufacturing's digital transformation creates dangerous convergence between IT networks and operational technology, with 96% of manufacturers planning OT security investments.
Read article →
NIS2 Becomes Operational Reality for UK Businesses in 2026
First operational deadlines hit January 2026 with registration closing February 28th. UK businesses with EU operations face compliance audits by June with €10M fines now enforceable.
Read article →
The £270 Billion Question: Why UK SMEs Must Bridge the Digital Divide Now
With digital transformation market set to reach £271bn by 2033, UK SMEs face a critical inflection point that will determine competitive survival.
Read article →
86% of UK Businesses Don't Check Supplier Security
NCSC data reveals alarming security gaps as supply chain attacks surge 50%, with manufacturing firms particularly vulnerable to ransomware groups targeting critical suppliers.
Read article →
Banks Finally Build AI Governance Frameworks as Regulation Tightens
E.SUN Bank and IBM create Taiwan's first banking AI governance framework, signalling the industry's shift from AI experimentation to regulated production deployment.
Read article →
UK's Cyber Resilience Bill Will Mirror NIS2 But Add Unique Powers
As EU states struggle with NIS2 implementation, the UK's Cyber Security and Resilience Bill advances through Parliament with expanded regulatory powers over critical suppliers.
Read article →
Chrome Zero-Days Already Under Attack Before UK Businesses Can Patch
Google patched two Chrome vulnerabilities already exploited in the wild. UK organisations face a critical window to update before these become widespread attack tools.
Read article →
Fake VPN Downloads Stealing UK Corporate Credentials Through SEO Trickery
Storm-2561 cybercriminals are manipulating Google search results to distribute signed malware disguised as legitimate VPN clients, stealing corporate credentials from UK employees.
Read article →
Three-Quarters of UK Businesses Are Failing Identity Recovery Tests
New survey reveals 76% of UK organisations aren't testing identity disaster recovery adequately, creating dangerous blind spots as attackers increasingly target identity systems.
Read article →
AI Agents Quietly Access All Your Company Data Without Permission
Shadow AI deployment through low-code tools creates unprecedented data access risks as business teams bypass IT security controls entirely.
Read article →
Grammarly Sued for Stealing Journalist Identities Without Consent
Julia Angwin's class-action lawsuit against Grammarly reveals how AI companies are appropriating professional identities without permission, setting crucial precedents for UK business AI governance.
Read article →
INC Ransomware Devastates Pacific Healthcare Networks
INC ransomware group's systematic targeting of healthcare providers across Australia, New Zealand and Pacific islands offers critical lessons for UK healthcare organisations.
Read article →
China Bans OpenClaw AI at Banks and Government Agencies
Chinese authorities ban OpenClaw AI citing security risks, whilst UK organisations eagerly adopt similar autonomous agents without proper governance frameworks.
Read article →
The £84 Billion Security Vendor Buying Spree Reaches Your Budget
Cybersecurity M&A hit £84bn globally, reshaping the vendor landscape UK businesses rely on. Strategic procurement decisions made today will determine security effectiveness for years ahead.
Read article →
SQL Server Zero-Days Hand Attackers Database Kingdom Keys
Microsoft's SQL Server CVE-2026-21262 vulnerability allows attackers to bypass authentication and gain sysadmin privileges. UK organisations must reassess their database security posture beyond basic authentication controls.
Read article →
Data Centers Become War Targets as Iran Strikes AWS Facilities
Iranian attacks on AWS infrastructure reveal how geopolitical conflicts now threaten business operations directly. UK organisations must reassess cloud resilience strategies as physical infrastructure becomes a kinetic target.
Read article →
Zero-Click Excel Bug Turns Copilot Into Corporate Data Thief
CVE-2026-26144 allows attackers to exploit Microsoft 365 Copilot through malicious Excel files, turning AI assistance into unauthorised data extraction. UK boards must urgently review AI governance frameworks.
Read article →
HR Departments Under Siege From 'BlackSanta' EDR-Killer Campaign
Russian malware campaign exploits recruitment workflows to disable security tools. HR departments become the new front line in sophisticated steganographic attacks bypassing traditional defences.
Read article →
Only One in Four Organisations Test Identity Recovery
New research reveals 75% of organisations skip identity recovery testing, creating a hidden weakness that turns cyber incidents into prolonged business disasters.
Read article →
Microsoft Just Made Passkeys Mandatory. Here Is What That Means.
Microsoft is auto-enabling passkeys across Entra ID tenants. UK businesses must prepare for mandatory passwordless authentication or face compliance and security risks.
Read article →
Why Cloud Attackers Stopped Caring About Your Passwords
Google's latest threat report reveals attackers are bypassing traditional access controls entirely, exploiting cloud applications directly rather than stealing credentials.
Read article →
Russian Malware Is Killing Your Security Tools Before You Know It
BlackSanta malware disables endpoint security at kernel level through HR recruitment attacks. Your EDR investment becomes worthless if attackers neutralise it before detection.
Read article →
The Cisco Flaw NCSC Is Warning About Right Now
NCSC confirms active exploitation of CVE-2026-20127 in Cisco SD-WAN devices. Critical patching required for UK businesses running affected Catalyst systems.
Read article →
NCSC Issues Alert as Middle East Tensions Spill Into Cyberspace
The NCSC warns UK businesses of heightened cyber threats from Middle East conflicts. Mid-market companies face indirect risk through supply chains and third-party services.
Read article →
CVE Program Funding Crisis Averted But UK Patch Management Still at Risk
The near-collapse of the global CVE vulnerability database exposes dangerous UK dependencies on US-funded cybersecurity infrastructure. Here's how to build resilience.
Read article →
NCSC External Attack Surface Management Guide: Why UK Businesses Need EASM Now
NCSC retires Web Check and Mail Check by March 2026, pushing businesses toward commercial EASM solutions. New buyer's guide reveals what UK organisations really need.
Read article →
OpenAI Acquires Promptfoo: What UK AI Governance Teams Need to Know
OpenAI's $18.4M acquisition of AI red teaming specialist Promptfoo signals a shift towards integrated security in enterprise AI deployment. UK governance teams face new compliance considerations.
Read article →
Google Cloud Attack Vector Shift: Why Bug Exploits Now Outpace Weak Credentials
Google's security team reveals a fundamental shift: attackers now exploit software vulnerabilities faster than weak passwords, compressing response windows from weeks to days.
Read article →
Trump's Cyber Strategy Prioritises Offensive Operations Over Defence
New US cyber strategy shifts focus from protection to projection of power. UK businesses with American ties face elevated risks from escalatory cyber warfare.
Read article →
AI Agent Hacked McKinsey's Internal Chatbot in Two Hours
Security researchers compromised McKinsey's internal AI chatbot within hours, exposing SQL injection vulnerabilities that most UK businesses are repeating in their own AI deployments.
Read article →
Microsoft Teams A0Backdoor Attacks Target UK Financial Services
Cybercriminals are using Microsoft Teams to deploy A0Backdoor malware via fake Quick Assist requests, bypassing traditional email security in UK financial firms.
Read article →Ready to strengthen your cyber resilience?
Talk to our team about protecting your organisation against evolving threats.
Get in Touch