#FactCheck – False Claim of Lord Ram's Hologram in Srinagar - Video Actually from Dehradun

Introduction 

‍

The digital landscape of the nation has reached a critical point in its evolution. The rapid adoption of technologies such as cloud computing, mobile payment systems, artificial intelligence, and smart infrastructure has led to a high degree of integration between digital systems and governance, commercial activity, and everyday life. As dependence on these systems continues to grow, a wide range of cyber threats has emerged that are complex, multi-layered, and closely interconnected. By 2026, cyber security threats directed at India are expected to include an increasing number of targeted, well-organised, and strategic cyber attacks. These attacks are likely to focus on exploiting the trust placed in technology, institutions, automation, and the fast pace of technological change.

‍

1. Social Engineering 2.0: Hyper-Personalised AI Phishing & Mobile Banking Malware

‍

Cybercriminals have moved from generalised methods to hyper-targeted attacks through AI-based psychological manipulation. In addition to social media profiles, data breaches, and digital/tracking footprints, the latest types of cybercrimes expected in 2026 will involve AI-based analysis of this information to create and increase the use of hyper-targeted phishing emails.

Phishing emails are capable of impersonating banks, employers, and even family members, with all the same regionally or culturally relevant tone, language, and context as would be done if these persons were sending the emails in person.

With malicious applications disguised as legitimate service apps, cybercriminals have the ability to intercept and capture One-Time Passwords (OTPs), hijack user sessions, and steal money from user accounts in a matter of minutes.

These types of attempts or attacks are successful not only because of their technical sophistication, but because they take advantage of human trust at scale, giving them an almost limitless reach into the financial systems of people around the world through their computers and mobile devices.

‍

2. Cloud and Supply Chain Vulnerabilities

‍

As Indian organisations increasingly migrate to cloud infrastructure, cloud misconfigurations are emerging as a major cybersecurity risk. Weak identity controls, exposed storage, and improper access management can allow attackers to bypass traditional network defences. Alongside this, supply chain attacks are expected to intensify in 2026.

In supply chain attacks, cybercriminals compromise a trusted software vendor or service provider to infiltrate multiple downstream organisations. Even entities with strong internal security can be affected through third-party dependencies. For India’s startup ecosystem, government digital platforms, and IT service providers, this presents a systemic risk. Strengthening vendor risk management and visibility across digital supply chains will be essential.

‍

3. Threats to IoT and Critical Infrastructure

‍

By implementing smart cities, digital utilities, and connected public services, IoT has opened itself up to increased levels of operational technology (OT) through India’s initiative. However, there is currently a lack of adequate security in the form of strong authentication, encryption, and update methods available on many IoT devices. By the year 2026, attackers are going to be able to exploit these vulnerabilities much more than they already are.

Cyberattacks on critical infrastructure such as energy, transportation, healthcare, and telecom systems have far-reaching consequences that extend well beyond data loss; they directly affect the provision of essential services, can damage public safety, and raise concerns over national security. Effectively securing critical infrastructure needs to involve dedicated security solutions to deal with the specific needs of critical infrastructure, in contrast to conventional IT security.

‍

4. Hidden File Vectors and Stealth Payload Delivery

‍

SVG File Abuse in Stealth Attacks

‍

Cybercriminals are continually searching for ways to bypass security filters, and hidden file vectors are emerging as a preferred tactic. One such method involves the abuse of SVG (Scalable Vector Graphics) files. Although commonly perceived as harmless image files, SVGs can contain embedded scripts capable of executing malicious actions.

By 2026, SVG-based attacks are expected to be used in phishing emails, cloud file sharing, and messaging platforms. Because these files often bypass traditional antivirus and email security systems, they provide an effective stealth delivery mechanism. Indian organisations will need to rethink assumptions about “safe” file formats and strengthen deep content inspection capabilities.

‍

5. Quantum-Era Cyber Risks and “Harvest Now, Decrypt Later” Attacks

‍

Although practical quantum computers are still emerging, quantum-era cyber risks are already a present-day concern. Adversaries are believed to be intercepting and storing encrypted data now with the intention of decrypting it in the future once quantum capabilities mature—a strategy known as “harvest now, decrypt later.” This poses serious long-term confidentiality risks.

Recognising this threat, the United States took early action during the Biden administration through National Security Memorandum 10, which directed federal agencies to prepare for the transition to quantum-resistant cryptography. For India, similar foresight is essential, as sensitive government communications, financial data, health records, and intellectual property could otherwise be exposed retrospectively. Preparing for quantum-safe cryptography will therefore become a strategic priority in the coming years.

‍

6. AI Trust Manipulation and Model Exploitation

‍

Poisoning the Well – Direct Attacks on AI Models

‍

As artificial intelligence systems are increasingly used for decision-making—ranging from fraud detection and credit scoring to surveillance and cybersecurity—attackers are shifting focus from systems to models themselves. “Poisoning the well” refers to attacks that manipulate training data, feedback mechanisms, or input environments to distort AI outputs.

In the context of India's rapidly growing digital ecosystem, compromised AI models can result in biased decisions, false security alerts or denying legitimate services. The big problem with these types of attacks is they may occur without triggering conventional security measures. Transparency, integrity and continuous monitoring of AI systems will be key to creating and maintaining stakeholder confidence in the decision-making process of the automated systems.

‍

Recommendations

‍

Despite the increasing sophistication of malicious cyber actors, India is entering this phase with a growing level of preparedness and institutional capacity. The country has strengthened its cyber security posture through dedicated mechanisms and relevant agencies such as the Indian Cyber Crime Coordination Centre, which play a central role in coordination, threat response, and capacity building. At the same time, sustained collaboration among government bodies, non-governmental organisations, technology companies, and academic institutions has expanded cyber security awareness, skill development, and research. These collective efforts have improved detection capabilities, response readiness, and public resilience, placing India in a stronger position to manage emerging cyber threats and adapt to the evolving digital environment.

‍

Conclusion 

‍

By 2026, complexity, intelligence, and strategic intent will increasingly define cyber threats to the digital ecosystem. Cyber criminals are expected to use advanced methods of attack, including artificial intelligence assisted social engineering and the exploitation of cloud supply chain risks. As these threats evolve, adversaries may also experiment with quantum computing techniques and the manipulation of AI models to create new ways of influencing and disrupting digital systems. In response, the focus of cybersecurity is shifting from merely preventing breaches to actively protecting and restoring digital trust. While technical controls remain essential, they must be complemented by strong cybersecurity governance, adherence to regulatory standards, and sustained user education. As India continues its digital transformation, this period presents a valuable opportunity to invest proactively in cybersecurity resilience, enabling the country to safeguard citizens, institutions, and national interests with confidence in an increasingly complex and dynamic digital future.

‍

References

‍

1. https://www.seqrite.com/india-cyber-threat-report-2026/ 
2. https://www.uscsinstitute.org/cybersecurity-insights/blog/ai-powered-phishing-detection-and-prevention-strategies-for-2026
3. https://www.expresscomputer.in/guest-blogs/cloud-security-risks-that-should-guide-leadership-in-2026/130849/ 
4. https://www.hakunamatatatech.com/our-resources/blog/top-iot-challenges 
5. https://csrc.nist.gov/csrc/media/Presentations/2024/u-s-government-s-transition-to-pqc/images-media/presman-govt-transition-pqc2024.pdf
6. https://www.cyber.nj.gov/Home/Components/News/News/1721/214 

‍

Introduction

The hospitality industry is noted to be one of the industries most influenced by technology. Hotels, restaurants, and travel services are increasingly reliant on digital technologies to automate core operations and customer interactions. The shift to electronic modes of conducting business has made the industry a popular target for cyber threats. In light of increasing cyber threats, safeguarding personal and sensitive personal data on the part of the hospitality industry becomes significant not only from a customer standpoint but also from an organisational and legal perspective.

Role of cybersecurity in the hospitality industry

A hospitality industry-based entity (“HI entity”) deploys several technologies not only to automate operations but to also deliver excellent customer experiences. Technologies such as IoTs that enable smart controls in rooms, Point-of-Sale systems that manage reservations, Call Accounting Systems that track and record customer calls, keyless entry systems, and mobile apps that facilitate easy booking and service requests are popularly used in addition to operative technologies such as Property Management Systems, Hotel Accounting Systems, Local Area Networks (LAN).{1} These technologies collect vast volumes of data daily due to the nature of operations. Such data necessarily includes personal information such as names, addresses, phone numbers, email IDs etc. and sensitive information such as gender, bank account and payment details, health information pertaining to food allergens etc. Resultantly, the breach and loss of such critical data impacts customer trust and loyalty and in turn, their retention within the business. Lack of adequate cybersecurity measures also impacts the reputation and goodwill of an HI entity since customers are more likely to opt for establishments that prioritise the protection of their data. In 2022, cybercriminals syphoned 20GB of internal documents and customer data from Marriott Hotels, which included credit card information and staff information such as wage data, corporate card number and even a personnel assessment file. A much larger breach was seen in 2018, where 383 million booking records and 5.3 million unencrypted passport numbers were stolen from Marriott’s servers.{2}

Cybersecurity is also central to safeguarding trade secrets and key confidential trade information. An estimate of US $6 trillion per year on average amounts to losses generated from cybercrimes.{3} The figure, however, does not include the cost of breach, expenses related to incident response, legal fees, regulatory fines etc which may be significantly higher for a HI entity when loss of potential profits is factored in.

Cybersecurity is also central from a legal standpoint. Legal provisions in various jurisdictions mandate the protection of guest data. In India, the Digital Personal Data Protection Act 2023, imposes a penalty of up to Rs. 50 Crores on a breach in observing obligations to take reasonable security safeguards to prevent personal data breach.{4} Similarly, the General Data Protection Regulation (GDPR) of the European Union also has guidelines for protecting personal data. Several other industry-specific rules, such as those pertaining to consumer protection,  may also be applicable.

Breaches and Mitigation

There are several kinds of cyber security threats faced by an HI entity. “Fake Booking” is a popular method of cyber attack, whereby attackers build and design a website that is modelled exactly after the hotel’s legitimate website. Many customers end up using such malicious phishing websites thereby exposing their personal and sensitive personal data to threats. Additionally, the provision of free wifi within hotel premises, usually accessible freely to the public, implies that a malicious actor may introduce viruses and updates bearing malware. Other common cyber threats include denial of service (DoS) attacks, supply chain attacks, ransomware threats, SQL injection attacks (a type of attack where malicious code is inserted into a database to manipulate data and gain access to information), buffer overflow or buffer overrun (when the amount of data exceeds its storage capacity, implying that the excess data overflows into other memory locations and corrupt or overwrites data in those locations). 

One of the best ways to manage data breaches is to leverage newer technologies that operate on a “privacy by design” model. An HI entity must deploy web application firewalls (WAF) that differ from regular firewalls since they can filter the content of specific web applications and prevent cyber attacks. Another method to safeguard data is by deploying a digital certificate which binds a message/instruction to the owner/generator of the message. This is useful in preventing any false claims fraud by customers. Digital certificates may be deployed on distributed ledger technologies such as blockchain, that are noted for their immutability, transparency and security. Self-sovereign identities or Identifiers (SSI) are also a security use-concept of blockchain whereby individuals own and control their personal data, thereby eliminating reliance on central authorities.{5} In the hospitality industry, SSIs enhance cybersecurity by securely storing identity-related information on a decentralised network, thereby reducing the risk of data breaches. Users can selectively share their information, ensuring privacy and minimising data exposure. This approach not only protects guests' personal details but also streamlines authentication processes, making interactions safer and more efficient.

From a less technical standpoint, cybersecurity insurance may be opted for by a hotel to secure themselves and customer information against breach. Through such insurance, a hotel may cover the liability that arises from breaches caused by both first- and third-party actions.{6} Additionally, Payment Cards Industry Data Security Standards should be adhered to, since these standards ensure that businesses should apply best practices when processing credit card data through optimised security. Employee training and upskilling in basic, practical cybersecurity measures and good practices is also a critical component of a comprehensive cybersecurity strategy.

References:

• [1]  The Growing Importance of Cybersecurity in the Hospitality Industry”, Alfatec, 11 September 2023 https://www.alfatec.ai/academy/resource-library/the-growing-importance-of-cybersecurity-in-the-hospitality-industry
• [2]  Vigliarolo, Brandon, “Marriott Hotels admit to third data breach in 4 years”, 6 July 2022 https://www.theregister.com/2022/07/06/marriott_hotels_suffer_yet_another/#:~:text=In%20the%20case%20of%20the,of%20an%20individual%20organization%20ever. 

• [3] Shabani, Neda & Munir, Arslan. (2020). A Review of Cyber Security Issues in the Hospitality Industry. 10.1007/978-3-030-52243-8_35. https://www.researchgate.net/publication/342683038_A_Review_of_Cyber_Security_Issues_in_Hospitality_Industry/citation/download    
• [4] The Digital Personal Data Protection Act 2023 https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf 
• [5]  “What is self-sovereign identity?”, Sovrin, 6 December 2018 https://sovrin.org/faq/what-is-self-sovereign-identity/ 
• [6] Yasar, Kinza, “Cyber Insurance”, Tech Target https://www.techtarget.com/searchsecurity/definition/cybersecurity-insurance-cybersecurity-liability-insurance 

Introduction

MSMEs, being the cornerstone of the Indian economy, are one of the most vulnerable targets in cyberspace and no enterprise is too small to be a target for malicious actors. MSMEs hardly ever perform a cyber-risk assessment, but when they do, they may run into a number of internal problems, such as cyberattacks brought on by inadequate networking security, online fraud, ransomware assaults, etc.  Tackling cyber threats in MSMEs is critical mainly because of their high level of dependance on digital technologies and the growing sophistication of cyber attacks. Protecting them from cyber threats is essential, as a security breach can have devastating consequences, including financial loss, reputational damage, and operational disruptions.

Key Cyber Threats that MSMEs are facing

MSMEs are most vulnerable to are phishing attacks, ransomware, malware and viruses, insider threats, social engineering attacks, supply chain attacks, credential stuffing and brute force attacks and Distributed Denial of Service (DDoS) Attacks. Some of these attacks are described as under-

• Insider threats arise from employees or contractors who intentionally or unintentionally compromise security. It involves data theft, misuse of access privileges, or accidental data exposure. 
• Social engineering attacks involve manipulating individuals into divulging confidential information or performing actions that compromise security by pretexting, baiting, and impersonation. 
• Supply chain attacks exploit the trust in relationships between businesses and their suppliers and introduce malware, compromise data integrity, and disrupt operations.
• Credential stuffing and brute force attacks give unauthorized access to accounts and systems, leading to data breaches and financial losses.

Challenges Faced by MSMEs in Cybersecurity

The challenges faced  by MSMEs in cyber security are mainly due to limited resources and budget constraints which leads to other issues such as a lack of specialized expertise as MSMEs often lack the IT support of cyber security experts. Awareness and training are needed to mitigate poor understanding of cyber threats and their complexity in nature. Vulnerabilities in the supply chain are present as they rely on third-party vendors and partners often, introducing potential supply chain vulnerabilities. Regulatory compliance is often complex and is taken seriously only when an issue crops up but it needs special attention especially with the DPDP Act coming in. The lack of an incident response plan leads to delayed and inadequate responses to cyber incidents, increasing the impact of breaches.

Best Practices for Tackling Cyber Threats for MSMEs

To effectively tackle cyber threats, MSMEs should adopt a comprehensive approach such as:

• Implementing and enforcing strong access controls by using MFA or 2FA and password policies. Limiting employee access as role based and updating the same as and when needed.
• Regularly apply security patches and use automated patch management solutions to prevent exploitation of known vulnerabilities.
• Conduct employee training and awareness programs and promote a security-first approach for the employees and assessing employee readiness to identify improvement areas.
• Implement network security measures by using firewalls and intrusion detection systems. Using secure Wi-Fi networks via strong encryptions and changing default credentials for the router are recommended, as is segmenting networks to limit lateral movement within the network in case of a breach.
• Regular data backup ensures that in case of an attack, data loss can be recovered and made available in secure offsite locations to protect it from unauthorized access. 
• Developing an incident response plan that outlines the roles, responsibilities and procedure for responding to cyber incidents with regular drills to ensure readiness and clear communication protocols for incident reporting to regulators, stakeholders and customers.
• Implement endpoint security solutions using antivirus and anti-malware softwares. Devices should be against unauthorized access and implement mobile device management solutions enforcing security policies on employee-owned devices used for work purposes.
• Cyber insurance coverage will help in transferring financial risks in case of cyber incidents. It should have comprehensive coverage including business interruptions, data restoration, legal liabilities and incident response costs.

Recommended Cybersecurity Solutions Tailored for MSMEs

1. A Managed Security Service Provider offers outsourced cybersecurity services, including threat monitoring, incident response, and vulnerability management that may be lacking in-house.
2. Cloud-Based Security Solutions such as firewall as a service and Security Information and Event Management , provide scalable and cost-effective protection for MSMEs.
3. Endpoint Detection and Response (EDR) Tools detect and respond to threats on endpoints, providing real-time visibility into potential threats and automating incident response actions.
4. Security Awareness Training Platforms deliver interactive training sessions and simulations to educate employees about cybersecurity threats and best practices.

Conclusion

Addressing cyber threats in MSMEs requires a proactive and multi-layered approach that encompasses technical solutions, employee training, and strategic planning. By implementing best practices and leveraging cybersecurity solutions tailored to their specific needs, MSMEs can significantly enhance their resilience against cyber threats. As cyber threats continue to evolve, staying informed about the latest trends and adopting a culture of security awareness will be essential for MSMEs to protect their assets, reputation, and bottom line.

References:

• https://economictimes.indiatimes.com/small-biz/security-tech/security/cyber-security-pitfalls-and-how-negligence-can-be-expensive-for-msmes/articleshow/99508822.cms?from=mdr
• https://www.investopedia.com/financial-edge/0112/3-ways-cyber-crime-impacts-business.aspx 
• https://www.financialexpress.com/business/sme-msme-tech-cisco-launches-new-tool-for-smbs-to-assess-their-cybersecurity-readiness-2538348/ 
• https://www.cloverinfotech.com/blog/small-businesses-big-problems-are-cyber-attacks-crushing-indias-msmes/ 

‍