About Karthik Kanakarajan
Karthik Kanakarajan is an Information Security Leader with over 20 years of experience in Cybersecurity, Risk & Compliance, Vulnerability Management, Internal Audit, Business Continuity, and Third-Party Risk Management. He has led enterprise security initiatives across Banking, Financial Services, Retail, Technology, Education, and Pharmaceuticals. Karthik specializes in automating Governance, Risk & Compliance (GRC) frameworks and developing Secure Software Development Life Cycle (SSDLC) programs. He is passionate about strengthening organizational resilience, driving security transformation, and building high-performing teams aligned with business growth.
Rethinking Identity and Governance in the Age of Generative AI
As organizations strengthen their inbound filtering, attackers are shifting their focus toward compromised internal identities and trusted infrastructure. This shift requires security teams to rethink the traditional silos between email security, identity, and domain governance. The core topic of this address is the transition to a collaborative, zero-trust approach within the security domain.
With approximately 85% of modern phishing attacks being AI-generated, traditional scanning is no longer sufficient. Organizations must now integrate technical protections like BIMI (Brand Indicators for Message Identification) and behavioral analysis with organizational awareness to create a comprehensive defense.
Important Lines from the Speaker:
- “Almost 85%… of the email generative AI based phishing attacks… are from AI generated”.
- “Your behavior analysis should also have LLM content in filtered”.
- “It’s collaborative across all the within the security domain itself. We have to be more exclusive at this point of time”.
The Collaborative Zero-Trust Model
Karthik emphasizes that effective security requires integration across four key teams: email security, identity, governance, and security monitoring. He advocates for Role-Based Access Control (RBAC) and Privileged Access Management (PAM) to ensure that admin accounts are strictly separated from standard email accounts, strengthening the authentication process.
Furthermore, he highlights that because so many attacks are AI-generated, behavioral analysis tools must include LLM (Large Language Model) content filtering. This integrated defense ensures that data feeds from email security tools are funneled into SIEM (Security Information and Event Management) systems for real-time monitoring. Finally, he points to BIMI as a “game changer,” as it provides a verified tick mark and logo for every trusted email, helping users distinguish genuine communication from sophisticated spoofs.
