The Trust Layer Is Under Attack

India’s cybersecurity narrative has long centered on what happens inside the enterprise: endpoints hardened, networks segmented, data vaulted. But as Dr. Sanjay Katkar, Joint Managing Director of Quick Heal Technologies, argues, the most consequential attacks today don’t enter through the firewall at all. They impersonate, replicate, and deceive — inhabiting the same digital spaces where consumers bank, transact, and trust. From fake UPI portals to AI-generated support channels, the adversary has moved outward, weaponizing brand familiarity itself. In this conversation, Katkar maps the anatomy of a modern impersonation campaign, interrogates the awareness gap around Digital Risk Protection Services, and makes a pointed case: in a country scaling digital adoption faster than it is building security maturity, trust has become the most contested battleground in cybersecurity.

Sanjay Katkar
Joint Managing Director
Quick Heal Technologies

CISO Forum: Digital brand abuse has emerged as a significant threat vector, yet many Indian enterprises still treat it as a reputational issue rather than a security one. Where does that perception gap come from, and what does it cost organizations in real terms?

Sanjay Katkar: Digital brand abuse is often misread as a communications problem because it first shows up as a fake page, a counterfeit app, or a misleading social post. That makes it feel external to the security team, when in reality it is a direct attack on trust, identity, and customer safety. The perception gap comes from legacy thinking. Many enterprises still define security as protecting internal systems rather than the broader digital ecosystem in which their brand lives. That blind spot is becoming increasingly costly because AI-assisted phishing, cloned infrastructure, and impersonation campaigns are now part of a larger, industrialized cybercrime economy rather than isolated nuisances.

The cost is far more than reputational. A single impersonation campaign can drive phishing, credential theft, payment fraud, customer churn, regulatory exposure, and frontline support overload. Our India Cyber Threat Report revealed that in 2025, education, healthcare, and manufacturing together accounted for nearly 47% of detections, underscoring how quickly trust failures can spill into sectors with massive user bases and sensitive data. In sectors like BFSI, telecom, and e-commerce, the damage compounds quickly because users often act before they verify. Enterprises also lose precious response time when brand abuse is handled by marketing, legal, and security in silos. In today’s environment, brand abuse should be treated as an operational risk with measurable financial and trust impact, not as a cosmetic issue.

CISO Forum: Fake websites, clone apps, social media impersonation — these attacks live entirely outside an organization’s security perimeter. How should CISOs rethink their threat surface when adversaries operate in spaces they don’t own or monitor?

Sanjay Katkar: CISOs need to expand their definition of the threat surface beyond the firewall, endpoints, and corporate cloud. The modern adversary is not confined to systems an organization owns; they operate across app stores, social platforms, domain registries, messaging apps, and search ecosystems. Attackers now target the digital trust layer itself through fake government-service apps, cloned portals, and AI-generated social engineering assets. That means security has to become outward-facing, continuously scanning the public digital environment for impersonation, lookalike infrastructure, and abuse of brand assets.

The right mindset is digital risk intelligence, not just internal defense. CISOs should build visibility into fake domains, rogue apps, phishing kits, impersonation handles, and leaked credentials tied to the organization. They should also treat brand abuse as part of a broader external attack chain, because threat actors now use hybrid tactics such as phishing, credential theft, and cloned interfaces to move from deception to monetization. They must also establish rapid takedown workflows, verification frameworks, and intelligence-sharing among security, legal, and customer-facing teams. In many ways, the perimeter has dissolved. Enterprises now need to defend not only what they control, but what attackers can convincingly imitate. That is why DRPS is becoming a core security capability rather than an optional add-on.

CISO Forum: India’s digital adoption has been exceptionally fast — UPI, digital banking, e-governance — but has security maturity kept pace? Which sectors do you see as most dangerously exposed to digital risk today, and why?

Sanjay Katkar: Security maturity has not kept pace with India’s digital velocity. We have expanded UPI, digital banking, e-governance, and online commerce at remarkable speed, but in many places the security layer has remained reactive. The result is a gap between adoption and resilience. Some sectors have invested meaningfully in controls, but others are still relying on basic perimeter defenses in an environment that demands continuous monitoring and rapid response.

The most exposed sectors today are BFSI, healthcare, education, telecom, and large consumer-facing digital businesses. As I mentioned earlier, education, healthcare, and manufacturing contributed nearly 47% of detections in 2025, with Maharashtra, Gujarat, and Delhi among the most affected states. BFSI is attractive to cybercriminals because of its direct monetization potential. The healthcare and education sectors handle highly sensitive personal data but often operate on tighter budgets and with legacy systems. Telecom and consumer platforms are exposed because they sit at the intersection of identity, communication, and mass reach. The common weakness is that rapid digitization has often outpaced governance, asset visibility, and incident readiness. In the current threat environment, digital adoption without mature security is not progress; it is accumulated risk.

CISO Forum: Brand impersonation campaigns often target end consumers rather than the enterprise directly. Does that make attribution and responsibility murkier, and does it let organizations off the hook too easily?

Sanjay Katkar: Yes, it does make attribution murkier, but it should not make responsibility murkier. Brand impersonation campaigns are designed to exploit the trust customers place in an enterprise, even when the attack never directly touches the enterprise network. The rising number of fake government-service apps and phishing-based malware delivery shows that attackers are targeting consumers outside the enterprise boundary while still weaponizing the brand itself. This is precisely why organizations cannot treat these incidents as someone else’s problem. If customers are deceived under your brand, the damage to trust falls on your organization, not on the attacker’s infrastructure.

Some companies still use the “outside our perimeter” argument to understate their role. That is a mistake. The modern enterprise is accountable for protecting its digital identity ecosystem, its consumers, and the authenticity of its communications. The first step is to accept that attackers often target the customer rather than the corporate SOC, because the customer is easier to mislead. That means enterprises need proactive monitoring, public education, verified channels, and takedown readiness. Responsibility may be shared across platforms, registrars, and law enforcement, but accountability still begins with the brand owner.

CISO Forum: There’s a growing dark web economy centered on Indian enterprise data: credential dumps, leaked customer records, and compromised access. How widespread is this, and are organizations even aware of their own exposure?

Sanjay Katkar: This economy is broader and more active than many enterprises realize. Indian enterprise data is already circulating across underground forums, private Telegram groups, paste sites, and access marketplaces. Last year, our researchers at Seqrite Labs, India’s largest malware analysis facility, detected several cases of credential abuse, OAuth compromise, and data-extortion-led operations, including cloud identity theft and AI-assisted phishing chains. What gets traded is not just full databases; it is also credentials, session tokens, remote access, and partial customer records that can be stitched together into larger compromise chains. For attackers, even modest amounts of data can be valuable if they enable fraud, account takeover, or social engineering.

The bigger issue is awareness. Many organizations do not know how much of their exposed data is already in circulation because they are not systematically monitoring the dark web, credential dumps, or abuse channels. Exposure often remains invisible until a downstream incident occurs – a phishing wave, a fraud spike, a support complaint, or a regulator’s notice. That delay is costly. If enterprises had continuous external visibility into their leaked credentials, impersonation assets, and brand mentions, they could respond before a breach becomes a public crisis. In this sense, dark web intelligence is now a practical business control, not just a threat report.

CISO Forum: Digital Risk Protection Services is still a relatively nascent category in India compared to mature markets. What has been the single biggest barrier to adoption: budget, awareness, or something else entirely?

Sanjay Katkar: The biggest barrier has been awareness, followed closely by the misunderstanding that DRPS is a “nice to have” rather than a security necessity. In mature markets, organizations increasingly recognize that external digital risk is part of the security stack. In India, many enterprises still view it as a niche monitoring service for brand teams or large consumer businesses, thereby limiting adoption.

Yes, budget matters, but budget is usually a symptom of priority, not the root cause. If leadership does not see digital impersonation, fake apps, and credential exposure as direct business risks, the spend never gets approved at the right level. Another barrier is fragmentation: responsibility is split across security, marketing, legal, compliance, and customer support, so no single owner feels accountable. The category also suffers because the impact is often indirect until a crisis hits. Once leaders see how quickly impersonation can trigger fraud, attrition, and regulatory scrutiny, the case for DRPS becomes much clearer. The market is moving, but awareness and ownership still need to catch up.

CISO Forum: The DPDP Act introduces accountability frameworks around personal data. But does it go far enough in addressing external digital threats, such as brand abuse and impersonation, that put consumer data at risk outside the organization’s walls?

Sanjay Katkar: The DPDP Act is an important step because it formalizes accountability around personal data, consent, and breach responsibility. But it is primarily designed to govern how organizations collect, process, and protect data within their own operations. It does not fully solve the growing external threat surface where brand abuse, impersonation, and counterfeit digital assets place consumer data at risk outside organizational walls.

That is an important gap. A fake website or clone app may not sit inside the enterprise, but it can still harvest personal data, credentials, and payment information under a trusted brand. So while the DPDP Act strengthens the case for better internal governance, it must be complemented by stronger external digital risk controls. Enterprises need visibility into the misuse of their brand, domains, and apps, as well as leaked credentials, because these are often the first indicators of consumer harm. In other words, compliance is necessary but not sufficient. The modern security mandate must extend beyond data custody to the protection of digital trust.

CISO Forum: Seqrite operates at the intersection of legacy endpoint security and newer enterprise threat intelligence. How do you ensure that DRPS doesn’t become yet another siloed tool in an already fragmented security stack?

Sanjay Katkar: The key is integration by design, not by afterthought. DRPS should not be a separate dashboard that security teams check only occasionally. It needs to feed into the same operational workflows that handle endpoint telemetry, threat intelligence, incident response, and executive reporting. If it becomes another isolated tool, it will add noise instead of value.

Seqrite’s advantage is that we already understand the enterprise security stack across endpoints, malware intelligence, and response workflows. That allows DRPS to be positioned as an extension of visibility rather than a parallel universe. The goal is to correlate external threats with internal signals. For example, a leaked credential, a phishing domain, and suspicious login behavior should all be tied into the same risk picture. That creates context and prioritization. Enterprises do not need more alerts; they need connected intelligence and faster action. DRPS becomes powerful when it helps the organization see the full attack chain, from public impersonation to internal compromise.

CISO Forum: From what you’re seeing in threat intelligence, what does a typical brand abuse campaign targeting an Indian enterprise look like today? Walk us through the anatomy of one.

Sanjay Katkar: A typical brand abuse campaign is highly structured. It usually starts with reconnaissance, where attackers study the brand, messaging style, customer journeys, and high-value user actions. What makes brand abuse especially potent is that attackers are not just imitating a logo or a website; they are weaponizing the trust, familiarity, and urgency associated with a known enterprise brand. In the Indian context, this often means mimicking payment flows, KYC updates, customer support journeys, recruitment pages, or promotional offers that users are already conditioned to trust. Our India Cyber Threat Report 2026 reflects this pattern through examples of fake portals, cloned interfaces, and socially engineered lures designed to exploit trust at scale.

Fraudsters later create lookalike domains, clone websites, fake social handles, or malicious mobile apps that closely mirror the legitimate experience to pass casual inspection. In parallel, they often seed social posts, ads, or direct messages to drive traffic. In many cases, these assets are amplified through paid ads, search manipulation, messaging apps, or fake support channels. Hence, the fraud appears native to the customer’s digital journey rather than suspicious from the outset.

The next stage is credential capture, payment interception, or malware delivery. If the campaign succeeds, the attacker may pivot to account takeover, fraud, or resale of stolen data. What makes these campaigns dangerous is their speed and scale. By the time the enterprise notices, the fake assets may already have been live long enough to harvest meaningful trust and data. The best defense is early detection, continuous monitoring, and coordinated takedown. But equally important is consumer awareness, because the attack often succeeds by impersonating trust itself.

CISO Forum: You’ve been building security products for the Indian market for decades. As AI lowers the barrier for attackers to spin up convincing fake assets at scale, are we entering a phase where digital trust itself becomes the most contested battleground in cybersecurity?

Sanjay Katkar: Yes, absolutely. AI is significantly lowering the cost of creating convincing fake assets such as fake websites, fake executives, fake support channels, fake apps, and even synthetic conversations. That means attackers no longer need sophisticated infrastructure or large teams to run a credible brand abuse campaign. They can test, refine, and scale deception far more quickly than before.

That changes the battleground. Digital trust becomes the core asset under attack because if users cannot distinguish the authentic from the fake, every channel becomes vulnerable. This is especially serious in India, where digital adoption is massive, and customer trust often depends on speed and convenience. In such an environment, the winning organizations will be those that can authenticate themselves continuously and visibly at every touchpoint. They will need stronger verification, external monitoring, and faster response to impersonation. AI will not just accelerate attacks; it will also force enterprises to prove authenticity in real time. That is why trust itself is becoming the most contested layer of cybersecurity.
