New Delhi, June 18 -- India's cybersecurity landscape is facing growing pressure from threats driven by Artificial Intelligence (AI), ransomware, and rising geopolitical tensions. As digital adoption surges, sectors like healthcare, education, and infrastructure are especially vulnerable.

Check Point Software Technologies, a global cybersecurity firm with a strong footprint in India, is focused on securing cloud, remote, and on-premise environments through integrated solutions and local investments.

In a conversation with TechCircle, Sundar Balasubramanian, Managing Director for India and South Asia, shares insights on emerging threats, AI's evolving role, and how Indian CISOs are adapting to do more with less. Edited Excerpts:

How do you see the current state of cybersecurity in India, and what are the biggest threats enterprises face today, especially with the rise of AI-driven attacks and ransomware?

Indian enterprises are facing nearly twice the number of cyberattacks compared to the global average. This trend has intensified due to ongoing geopolitical tensions and uncertainty.

There's been a noticeable rise in cyberattacks from both state-sponsored actors and professional hackers. Ransomware attacks, in particular, are increasing. According to Check Point Research and customer conversations, India now ranks among the top 10 globally for ransomware activity. These attacks are targeting critical infrastructure, especially in healthcare, education, and government.

State-sponsored attacks are primarily aimed at extracting strategic information or holding organisations hostage for ransom. While such attacks aren't new (there was a spike during Covid), this year has seen a significant rise not only in ransomware but also in threats delivered through email and collaboration platforms. Roughly 70% of threats are still coming through these channels.

Organisations across sectors are strengthening their cybersecurity. Telecom companies, in particular, are boosting their security posture. Banks and stock exchanges already have strong defenses and continue to remain highly cyber-aware. However, healthcare and education remain the most impacted sectors, although awareness and response efforts are improving.

Another development is the increased use of AI in cyberattacks. AI is helping attackers automate and scale their operations. We're also seeing more advanced persistent threats from state-sponsored groups leveraging cloud platforms, targeting the defense and strategic sectors.

Just a month ago, there was a significant alert affecting both mission-critical and grid infrastructure.

To summarise, attack volumes in India remain higher than the global average. The situation is worsening with geopolitical factors. AI is now a major enabler for attackers, making their operations more efficient and harder to detect.

What are your key priorities in India this year, and how are you supporting the country's digital infrastructure and growing enterprise cloud adoption?

India has very different demographics compared to many other countries. We have a young population and have rapidly adopted digital technologies. Today's generation isn't just born into a digital world; they're engaging with digital tools and experiences from the start, in ways previous generations didn't.

We're a 31-year-old company. Our founder and chairman invented the stateful firewall. We've been in the industry longer than many other security companies. From the beginning, our stated focus has been on securing three key infrastructure areas: on-premise data centres, remote access, and cloud environments.

This is what we refer to as our integrated hybrid mesh strategy. We use the term "hybrid mesh" because we see all three areas as equally important in security. We don't believe one will replace the others; all are essential. Our products and solutions are designed to protect each of these areas: applications in the data centre, secure remote access (SASE), and full cloud protection.

Cloud service providers generally offer security of the cloud, but not in the cloud. That's where we come in. We secure the cloud internally, covering East-West traffic, shift-left practices in application development, and anything related to remote access. This is the core of our strategy.

In India, these priorities are even more relevant given the country's demographics and workforce. We've made significant investments here. Outside of Israel, we opened an R&D centre in Bengaluru, our first. We opened a Bengaluru office last year, followed by one in Mumbai. Now we're building out our R&D capabilities, focused on SASE and tailored solutions for the Indian market.

We're also actively working with the government and policymakers to help secure critical national infrastructure, which remains a top priority for us.

How is AI shaping your cybersecurity offering, especially in real-time threat detection and prevention for large enterprises?

AI became a widely discussed topic only recently, but we've been using it at Check Point for over a decade. Our approach to AI starts with ThreatCloud AI. All Check Point devices, appliances, software, and agents connect to this system, which is built on 30 years of threat intelligence. It processes known threats and uses 55 AI engines in parallel to detect unknown ones. As soon as a threat, known or suspected, is identified, protections are pushed out in real time to billions of devices globally. This system has been a core part of our security infrastructure for years and is one of the reasons we maintain high security efficacy across our deployments.

More recently, we introduced AI into firewall operations through a tool called AI Copilot. Managing firewalls can be complex, often due to issues in processes and human error rather than the product itself. Tasks like policy updates are particularly challenging in large enterprises, including banks. AI Copilot simplifies these operations, making them more efficient and reducing the risk of mistakes. This comes at a time when the industry faces a major shortage of skilled security professionals; about 65% of the required workforce is missing. By streamlining routine tasks, AI Copilot helps security teams operate more effectively with limited resources.

We've also embedded AI into our firewall management software, R82. This version includes AI features that improve detection of zero-day phishing and malware attacks, further strengthening the system's defensive capabilities.

Beyond these three main areas, AI is integrated across various other Check Point products, including entry-level devices like Quantum Spark and throughout our cloud security solutions. While we've been applying AI to threat detection for many years, its use in firewall operations and management software has expanded significantly in the last two.

How is your company helping regulated sectors like banking and healthcare meet India's data laws, especially post-DPDP, while ensuring security and performance?

The first step we've taken is a clear commitment to the Indian market. India was among the first regions to receive our full set of cloud-based subscriptions and services under the Harmony portfolio. We've also set up local data residences, so customer data remains within the country.

A major part of the DPDP Act relates to user privacy, which aligns closely with our SASE (Secure Access Service Edge) offering. We recently launched the Harmony SASE India data residency, which is especially important for regulated sectors like banking and stock exchanges, as well as high-risk sectors like healthcare.

This setup strengthens both data privacy and data security by ensuring customer data doesn't leave India.

We also follow a zero-trust network architecture model. Our offering combines firewall-as-a-service, zero-trust principles, SaaS protection, and SD-WAN. These technologies cover three main vectors: the data center, remote access, and the cloud, backed by our Red Cloud infrastructure.

This gives customers a strong security foundation. We follow all relevant regulations, respect data privacy, and are committed to full compliance with Indian requirements.

Looking ahead, which cybersecurity threats, like ransomware-as-a-service, deepfakes, Internet of Things (IoT) risks, or nation-state attacks, do you think will most impact Indian firms in the next 12 to 18 months?

If I had to lay it out, the first priority is email and collaboration. There are around 120 million Office 365 users in the country, and roughly 165 million Office users overall, more than the population of Europe. That's a large user base, making it both a significant cybersecurity risk and an opportunity.

The second major area is IoT. We're seeing increasing threats, especially in public sector units and healthcare. IoT security is becoming a focus. It's critical to keep these devices updated, ensure proper network architecture, and prevent them from becoming entry points for attackers. There's growing discussion and strategy around this, and IoT will remain a long-term threat vector; it's not seasonal.

The third area is user access. This includes both enterprise and consumer users. While data centers and devices are generally well-protected, mobile phones are not. There are 500 to 600 billion smartphones in use, each running multiple apps. If even one app is insecure, it can lead to serious risks, including financial losses.

In addition to these three core areas (email, IoT, and mobile), other threats remain. Deepfakes are a concern, though currently limited by cost and complexity. Creating convincing deepfake videos still requires significant resources, but deepfake voice technology is advancing faster. It's now being used in scams, including impersonation and financial fraud. While deepfakes are still emerging, the threat is growing and could eventually fall under broader categories like mobile phishing and ransomware.

So, to summarise, the top three vectors to focus on are email and collaboration, IoT, and mobile devices, with emerging risks like deepfake technology close behind.

How do Indian CISOs compare to their global peers: where are they ahead, and where do they still need to catch up?

Let's take a step back and look at the market. It has already undergone significant digital transformation. What was once a future goal is now a reality. India has moved quickly in this space, and with that progress come new security challenges. There's now much greater awareness of applications and cybersecurity, and Indian CISOs have responded effectively.

Over the past six years, including the period of Covid, I've seen some important shifts. During the pandemic, India maintained a solid security posture. More recently, despite facing increased geopolitical tensions, the country has continued to hold firm on cybersecurity.

Three major factors are shaping this environment. First is the scale of digital transformation. Second is the young workforce driving technology use. Third is the role of regulators, who have implemented measures that enhance security across sectors. A good example is the OTP requirement for credit card transactions in India. This requires a separate infrastructure to support it, especially given the volume of UPI transactions banks manage daily. Despite this load, the mobile infrastructure remains stable, and the additional layer of verification reduces credit card fraud. In contrast, some other countries don't require OTPs, which makes their systems more vulnerable.

In sectors like consumer banking and stock exchanges, India has developed a strong security foundation. The national cybersecurity agency, CERT-In, plays a key role by monitoring threats and sharing information quickly across industries. Managing this at a national level is a complex task, but it's critical to protecting infrastructure.

Some may feel the level of regulation is high, but it contributes directly to better security. CISOs today are rethinking their security architecture. Rather than just adding more tools, they're asking whether they need so many vendors and whether the overall system is effective. There's a broader move toward evaluating the actual impact and efficiency of security investments.

Security is now being discussed at the board level. Still, India spends less per employee on cybersecurity compared to mature markets. That's an area for improvement. Even so, Indian CISOs are doing more with less, which reflects both the constraints and the adaptability of the current environment.

Published by HT Digital Content Services with permission from TechCircle.