Cyber threats grow smarter as India scales

It’s easy to get swept up in the excitement of India’s digital revolution: fintech apps multiplying like rabbits, public digital platforms transforming service delivery, and critical infrastructure systems going smart. But in this race to digitize everything, there’s a quiet war intensifying—one fought not on borders, but in code.

Jaydeep Singh, General Manager for India at Kaspersky, pulled back the curtain for us on this invisible front. What emerged is a high-stakes story of evolving cyber warfare, broken trust models, and AI arms races. And yes, India is right in the middle of it.

When infrastructure goes digital, so do the threats

India’s critical infrastructure, public platforms, and fintech ecosystem are not just expanding. They’re becoming prime targets. As systems converge across Information Technology (IT) and Operational Technology (OT), the vulnerabilities multiply.

The attacks are no longer simplistic hacks. Instead, we’re talking about advanced persistent threats (APTs), financial malware that’s more cunning than ever, and supply chain compromises that sneak in unnoticed. Add AI-powered attacks to the mix, and it becomes clear: the battleground is not just digital. It’s intelligent.

Deepfakes, synthetic IDs, and AI weaponry

AI is now both sword and shield. As deepfake technology becomes cheaper—up to 400 times more affordable, in fact—bad actors are unleashing waves of automated scams.

From synthetic identity fraud to AI-crafted phishing targeting government and fintech platforms, India is staring at a tsunami of deception. The kicker? Traditional defenses are struggling to keep up.

This isn’t hypothetical. Over the next two to three years, we’ll likely see AI-driven exploitation move from fringe to frontline. But there’s hope. AI can be used defensively too. AI-assisted detection, employee awareness, and ethical AI practices form the new triangle of cyber-resilience.

Zero Trust: the buzzword that rarely delivers

“Zero Trust” sounds like the ultimate fix, but the real-world story is messier. Despite loud claims, most Indian enterprises are still stuck halfway through adoption.

Why? Let’s break it down:

• Legacy systems are still running the show, making micro-segmentation a dream.

• Identity chaos makes continuous verification tough.

• Cultural resistance is real. Shifting to “never trust, always verify” isn’t just technical; it’s psychological.

• Disconnected tools make automation a pain.

• And worst of all? No phased roadmaps. Enterprises often go all-in without identifying what to protect first.

The takeaway: go small to go big. Begin with visibility. Prioritize identity controls. Then evolve intelligently.

The great integration puzzle

Modern cloud-native apps, on-prem legacy setups, and highly sensitive OT systems. Combine them, and you’ve got a cybersecurity Frankenstein. That’s the architecture most Indian enterprises are wrestling with.

The goal: a unified strategy that covers everything—endpoint protection, cloud workloads, and OT systems. But fragmentation is a killer. Inconsistent policies, siloed data, and blind spots are everywhere.

The solution: think orchestration, central visibility, and open integration. According to Kaspersky, AI-enhanced Security Operations Centers (SOC) and Extended Detection and Response (XDR) platforms are critical. But without governance and interoperability, even these can fall flat.

Humans vs. machines: who gets the final say?

As automation floods cybersecurity, it’s tempting to hand over control to the machines. But in sectors like BFSI (Banking, Financial Services, and Insurance) or critical infrastructure, that’s risky business.

Yes, automated systems can triage alerts and handle common threats at scale. But when lives, compliance, or national stability are on the line? You need a human.

It’s all about balance: governance frameworks, clear escalation paths, and a “human-in-the-loop” philosophy. The result? Faster response times without compromising judgment.

Predictive cybersecurity: from buzzword to reality

Predictive cybersecurity is no longer sci-fi. The move from reactive to proactive defense is already in motion, thanks to the rise of behavioral analytics, telemetry, and threat correlation.

Tools like Kaspersky Security Network are already crunching anomaly patterns and attacker behaviors to forecast threats before they strike. The future is one where organizations don’t just respond. They anticipate.

And that shift? It’s the beginning of something far bigger: anticipatory security, where cyberattacks are intercepted before they even begin.

Regulation meets reality: life after the DPDP Act

India’s Digital Personal Data Protection (DPDP) Act is changing how businesses view data not just as a resource, but as a risk vector.

To meet the Act’s demands:

• Security architecture must be rebuilt with privacy baked in.

• Encryption, data minimization, access logs—these aren’t add-ons anymore. They’re non-negotiable.

• Data residency is shaking up cloud decisions. Cross-border flows need clear processing maps.

• Cyber and privacy teams must now work hand in glove.

• CISOs aren’t just tech leaders anymore. They’re diplomats, bridging legal, risk, and compliance domains.

The best advice: start small, lock down high-value data, build mapping capabilities, and then scale up to full data lifecycle management that aligns local compliance with global resilience.

Closing the loop: resilience is the new innovation

In this quiet cyberwar, resilience isn’t just a buzzword. It’s the foundation for innovation. Because without secure systems, there’s no room to grow.

From critical infrastructure to fintech dreams and public digital ambitions, India’s digital economy is undeniably accelerating. But speed without strategy is a recipe for disaster.

The smart enterprises? They’re not just investing in tech. They’re rethinking frameworks, upskilling people, and building trust from the inside out. Because in today’s threatscape, cybersecurity isn’t just protection. It’s power.