Think Before You Click: 5 Tips for Cybersecurity Awareness Month

By Sundar Balasubramanian, Managing Director, Check Point Software Technologies, India & South Asia

October marks Cybersecurity Awareness Month, an annual initiative designed to help everyone stay safer and more secure online. In today’s digital landscape, cyber threats are constantly evolving, targeting individuals and organizations alike with increasingly sophisticated tactics. Whether you’re scrolling social media, checking emails, or downloading apps, cyber criminals are always looking for new ways to exploit vulnerabilities. The threat landscape is as broad as your web presence.

According to the Press Information Bureau, cybersecurity incidents in India rose sharply from 10.29 lakh in 2022 to 22.68 lakh in 2024, underlining how fast attack surfaces are expanding across digital platforms. As per Check Point’s Threat Intelligence Report, Indian organizations have faced an average of 3,247 cyberattacks per week over the last 6 months, nearly double the global average of 1,981.

Organizations must contend with AI-driven attacks that are growing in scale and sophistication day by day. It’s no longer enough to react – cyber security strategies must be prevention-first. That’s why raising awareness about cyber security isn’t just important — it’s essential for protecting your personal information, financial data, and digital identity.

1. Cyber Risks from Apps: Verify Before You Download

The app stores on your devices are generally safe, but malicious apps can still slip through the cracks. Before downloading any application, take a moment to verify the developer’s credibility. Look for apps from well-known companies or developers with strong reputations and positive user reviews.

Stay cautious of apps that request excessive permissions: if a flashlight app wants access to your contacts, that’s a red flag. Be particularly skeptical of apps that seem too good to be true, offer unrealistic promises, or have very few downloads despite being available for months. Always download apps directly from official app stores rather than third-party websites, and keep your apps updated to ensure you have the latest security patches.

Additionally, the Department of Telecommunications recently launched a “Financial Fraud Risk Indicator” (FRI) system that tags suspicious numbers used in fraudulent app activity as medium, high, or very high risk, helping curb app-based cyber crime.

2. Spotting Brand Phishing: Don’t Fall for Fake Communications

Cyber criminals love to impersonate trusted brands to steal your information. When you receive emails, texts, or messages claiming to be from well-known companies, take a closer look at the sender’s details. Legitimate businesses typically use official email domains and consistent branding. To counter this trend, India has operationalized the pan-India cyber fraud helpline 1930, which enables citizens to report phishing, payment fraud, or identity theft incidents instantly for real-time blocking of illicit transactions.

Watch out for pressure tactics designed to make you act quickly — phrases like “urgent action required” or “account will be suspended” are common red flags. Avoid clicking on links in suspicious messages. Instead, navigate directly to the company’s official website by typing the URL into your browser or using a bookmark. If you’re unsure whether a communication is legitimate, contact the company directly through their official customer service channels. Organizations need to stay a step ahead by preventing messages from ever reaching employee inboxes through anti-phishing and anti-ransomware protection combined with user education.

3. Detecting Deep Fakes: Trust but Verify

Deep fake technology has made it easier than ever to create convincing fake videos and audio recordings of real people. When you see content that seems surprising or out of character for someone, take a moment to double-check the person’s identity and the authenticity of what you’re seeing.

Look closely at videos for telltale signs of manipulation — unnatural facial movements, inconsistent lighting, or audio that doesn’t sync properly with lip movements. When verifying images, pay attention to backgrounds, shadows, and any elements that seem digitally altered.

Most importantly, if you receive suspicious content claiming to be from someone you know, confirm directly with that person through a separate, trusted communication channel before believing or sharing the content. As part of India’s policy response, the Promotion and Regulation of Online Gaming Bill, 2025 bans deepfake-led fraudulent gaming advertisements and deceptive money gaming platforms. The bill aims to shield users from AI-enhanced visual scams masquerading as legitimate opportunities.

4. Ignoring Unknown Texts: When in Doubt, Delete

Text message scams (smishing) have become increasingly common, with criminals sending everything from fake delivery notifications to bogus prize announcements. The safest approach with messages from unknown numbers is simple: don’t engage. Further, according to the Press Information Bureau, authorities have blocked over 9.42 lakh SIM cards and 2.63 lakh IMEIs linked to cyber fraud networks in 2025, significantly curbing message-based scams.

Never click on links in text messages from unfamiliar senders, even if the message seems legitimate or urgent. These links often lead to malicious websites designed to steal your information or install harmful software on your device. If you receive a suspicious text claiming to be from a company or service you use, ignore the message and contact the organization directly through their official channels. When in doubt, delete the message immediately and block the number to prevent future attempts.

5. Protecting Yourself from Leaked Credentials: Stay One Step Ahead

Data breaches happen more frequently than you might think, potentially exposing your usernames, passwords, and other sensitive information. In fact, compromised credentials have surged 160% this year. Regularly check if your credentials have been compromised by using reputable breach monitoring services that can alert you when your information appears in known data breaches.

When you discover that your information has been leaked, change your passwords immediately — not just for the affected account, but for any other accounts where you’ve used the same or similar passwords. Enable two-factor authentication wherever possible to add an extra layer of security to your accounts. Consider using a password manager to generate and store unique, strong passwords for each of your accounts. For organizations, the risk from leaked credentials is amplified by their potential to lead to a broader incident. By prioritizing Zero Trust-based secure access, organizations protect themselves from attackers moving laterally in the network after unauthorized access.

To strengthen institutional readiness, CERT-In has conducted 109 national-level mock cybersecurity drills involving 1,438 organizations as of March 2025. These initiatives train public and private institutions to mitigate credential theft, prevent ransomware spread, and adopt faster containment measures.

For organizations, it’s essential to be prepared for increasingly sophisticated attacks. Full coverage across all employee devices, web applications, and email, together with secure access, are the pillars of protecting your workforce. In general, following this rule of thumb will cover most scenarios: If you’re unsure, or if something feels off, report it and don’t engage. By implementing these five cyber security practices and making online safety a priority, you can stay secure in our hyperconnected world.