As Indian businesses step into 2025, the cybersecurity landscape has never been more treacherous. From ransomware to infostealers and AI-driven phishing, attackers are scaling faster than defenses. In an exclusive conversation with Enterprise IT World, Govind Rammurthy, CEO of eScan, breaks down the most pressing threats, why SMEs remain soft targets, and how behavior-based security is redefining enterprise protection.
The Rising Tide of Cyber Threats in India
When asked which cyber threats top his list of concerns for Indian businesses in 2025—ransomware, infostealers, or supply chain attacks—Rammurthy does not hesitate.
“All three are serious,” he says, “but if I had to prioritize, supply chain attacks are the ones most likely to keep a CISO awake at night.”
The recent Jaguar Land Rover (JLR) incident underscores his point. A cyberattack forced three weeks of production shutdowns, costing nearly £50 million per week and threatening 200,000 jobs across its supply chain.
“Indian businesses are particularly exposed,” Rammurthy warns. “They are integrating rapidly into global supply chains without fully understanding the inherited cybersecurity risks. A single compromised vendor can expose dozens of larger organizations.”
While ransomware remains a crippling blow—especially for SMEs that cannot afford downtime—Rammurthy highlights infostealers as “silent killers,” quietly siphoning credentials for months. These stolen credentials often become the stepping stone to larger supply chain breaches.
“Supply chain attacks are the ones most likely to keep a CISO awake at night. A single compromised vendor can expose dozens of organizations, and many companies don’t even have complete visibility into their third-party dependencies.”
— Govind Rammurthy, CEO, eScan
The AI Arms Race: Attackers vs. Defenders
The conversation shifts to AI, where Rammurthy strikes a sobering note.
“Honestly? Most Indian enterprises aren’t prepared,” he admits. “Many are still struggling with basic security hygiene, while attackers are already using AI for personalized phishing, deepfake audio fraud, and adaptive malware that evolves in real time.”
The result is an uneven battlefield—companies embracing AI to drive efficiency but overlooking the new vulnerabilities it creates. The awareness gap is narrowing, however. “High-profile breaches have made CIOs more alert,” he says, “but there’s still a gulf between awareness and actionable preparedness.”
Why SMEs Are the Weakest Link
If there is one segment that keeps Rammurthy concerned, it’s India’s SMEs—the backbone of the economy, but often cyber unprepared.
“SMEs assume they’re too small to be targeted,” he explains. “But attackers don’t discriminate—they look for easy targets. And SMEs are sometimes the entry point into larger enterprises they supply.”
He stresses that strengthening SME security doesn’t always require massive spending. “It’s about prioritization. A manufacturing SME may need different security controls than a professional services firm. With modest investments in the right areas, SMEs can become far more resilient.”
eScan’s Differentiation: Beyond Signatures
In a crowded cybersecurity market, what sets eScan apart? Rammurthy points to one major shift: behavior-based detection.
“We moved away from signatures years ago. In our labs, we test malware detection without signatures—and consistently achieve nearly 100% success.”
He also highlights human-centric design. “We don’t assume users are perfect. For instance, our MailScan SEG platform introduces a 20-minute delay before sending emails. Thousands of data leaks have been prevented because employees had time to recall misaddressed emails.”
Another differentiator is unified management. “Most CIOs juggle seven or eight dashboards. Fragmentation makes detection harder. We consolidate everything into a single console.”
Tackling Insider and External Threats
Insider threats—whether malicious or accidental—remain a major risk. eScan’s endpoint solutions are designed for long-term behavioral correlation.
“APTs unfold gradually over weeks or months. Traditional tools miss them because each action looks normal in isolation,” Rammurthy explains. “Our systems establish behavioral baselines for users, devices, and applications. When activity deviates—such as odd-hour data access or large-scale downloads—we raise red flags.”
This proactive stance, he says, applies equally to external actors. “It’s about spotting intent, not just access.”
AI, Machine Learning, and Behavioral Analytics at the Core
For eScan, AI is more than a buzzword.
“AI helps us solve problems humans can’t—detecting SQL injections, predicting insider threats, attributing malware, and identifying APTs,” says Rammurthy. “Machine learning accelerates threat hunting, cutting analysis time from days to minutes.”
Behavioral analytics is particularly crucial for zero-day detection. “Even if malware looks completely new, if it behaves like ransomware, our systems can detect and contain it immediately.”
Staying Ahead of Compliance: DPDP and CERT-In
With India’s Digital Personal Data Protection (DPDP) Act and CERT-In’s six-hour reporting directive, compliance has become a front-line issue.
“At eScan, compliance is baked into our architecture,” Rammurthy asserts. “Our DLP solutions help meet DPDP requirements while preventing real breaches. Rapid detection and automated alerts support CERT-In’s strict timelines.”
But he stresses a mindset shift. “Compliance should not be about ticking boxes. Good security naturally aligns with compliance.”
Sector-Wise Cybersecurity Maturity
Across industries, adoption patterns vary:
- BFSI: Leading in maturity due to strict regulation and financial stakes.
- Healthcare: Accelerating rapidly, but faces unique challenges in balancing patient care with security.
- Government: Progress is uneven—some departments world-class, others lagging.
- SMBs: Growing interest, but still see security as a cost, not an enabler.
“Helping SMBs understand that security drives business growth is critical,” Rammurthy insists.
Combating Deepfakes and AI-Driven Phishing
Emerging threats like deepfakes and AI-generated phishing are already on eScan’s radar.
“We’re developing advanced detection systems to spot AI-generated content and introducing multi-factor verification beyond passwords,” he says. For example, verifying a CEO’s request through cross-channel confirmation before executing financial transfers.
On phishing, eScan combines detection with “trust verification layers”—continuous authentication and contextual validation. Importantly, Rammurthy notes, these innovations will be accessible to SMEs, not just large enterprises.
Strengthening the Partner Ecosystem
eScan’s expansion strategy hinges on OEMs, MSPs, and channel partners.
“We’re restructuring partner programs around outcomes, not just product sales,” he explains. “For MSPs, we provide deployable intelligence so even smaller players can compete.”
In Tier 2 and Tier 3 markets, demand is strong. “These regions need enterprise-grade security with small-business simplicity. Partners who position security as a growth enabler will thrive.”
Looking Ahead: The Future of Cyber Defense
Rammurthy sees 2025 as a turning point. Supply chain vulnerabilities, AI-powered threats, and regulatory pressures are converging. The winners will be those who not only deploy technology, but also rethink their security posture.
“The biggest mistake is treating cybersecurity as a defensive cost,” he concludes. “The real opportunity is to view it as a competitive advantage—building trust, enabling growth, and securing the future.”