New Delhi: Check Point Software Technologies Ltd., a leading cybersecurity solutions provider, has released its annual report, “The State of Global Cyber Security 2025.” The report reveals a 44 per cent year-over-year surge in global cyberattacks, underscoring the escalating threat landscape, including in India.
“Cyber security in 2025 is not only about protecting networks; it’s about safeguarding trust in our systems and institutions. The State of Global Cyber Security 2025 highlights the rapid evolution of threats and reinforces the need for resilience in the face of persistent and complex adversaries,” stated Maya Horowitz, VP of Research at Check Point Software.
India Faces Significant Cyber Threat
The report highlights the alarming cyber threat facing Indian organizations, with an average of 3,291 attacks per week over the past six months. This figure significantly surpasses the global average of 1,847.
Healthcare emerged as the most targeted sector, enduring 8,614 weekly attacks per organization, followed by Education/Research (7,983) and Government/Military (4,731).
The report identified prevalent malware strains in India, including Remote Access Trojans (RATs), the Infostealer Formbook, the Ransomware Maze, and the FakeUpdates Botnet and Downloader.
A critical data breach in May 2024 exposed 500 GB of sensitive biometric data, including fingerprints and facial scans, impacting police, military personnel, and election workers.
This incident, linked to unsecured databases managed by ThoughtGreen Technologies and Timing Technologies, underscores the growing vulnerability of India’s biometric systems.
Rise of AI in Cyberattacks
According to the report, the year 2024 witnessed a concerning rise in the use of Generative AI (GenAI) for malicious purposes.
From disinformation campaigns to deepfakes, GenAI accelerated cyberattacks, facilitated financial theft, and manipulated public opinion. Concurrently, Infostealer attacks surged by 58 per cent, indicating a maturing cybercrime ecosystem.
DPDP Act Emphasizes Cybersecurity
However, here it should mentioned that the government has taken several steps to reduce the cases of cyberattack incidents in the country via initiatives, as well as introducing a new law to safeguard public data, handled by the companies.
The release of the Digital Personal Data Protection Act (DPDP) and its draft rules underscores the need for enhanced cybersecurity measures. The Act mandates stringent data protection practices, including data minimization, explicit consent management, and mandatory breach reporting.
To comply with the DPDP Act and mitigate the increasing cyber threat, companies must prioritize cybersecurity initiatives. Failure to implement adequate security safeguards can result in substantial fines, up to Rs 250 crore.
Key Findings from the 2025 Report
- Evolving Cyber Wars: Nation-states are shifting towards persistent campaigns aimed at eroding trust and destabilizing systems.
- Ransomware Evolution: Data exfiltration and extortion have become the primary ransomware tactics, prioritizing financial gain.
- Edge Device Exploitation: Compromised routers, VPNs, and other edge devices serve as entry points for attackers.
- Prevalent Vulnerabilities: A significant portion of exploits leveraged vulnerabilities known prior to 2024, emphasizing the importance of proactive patch management.
- Targeted Industries: Education remains the most targeted industry, experiencing a 75 per cent year-over-year increase in attacks.
Recommendations for CISOs
- Strengthen BYOD Security: Implement robust policies and endpoint protection for employee devices.
- Invest in Threat Intelligence: Utilize AI-driven tools to monitor and preempt emerging threats.
- Enhance Patch Management: Proactively address known vulnerabilities.
- Secure Edge Devices: Implement robust security measures for routers, VPNs, and IoT devices.
- Focus on Resilience: Prepare for persistent threats with comprehensive incident response plans and continuous monitoring.
By proactively addressing the challenges, organizations can build a secure and privacy-centric digital ecosystem.
Also Read –
DPDP Draft Rules: Experts Highlight Challenges, Opportunities and Key Compliance Needs
Discussion about this post