Securing a computer network of an organisation in the post-pandemic world is way different from what it was before the pandemic where most of the employees working out of a premises.

Though people have started using the networks via a Virtual Private Network (VPN) in the initial days of the work-from-home phase, it soon changed as organisations are forced to allow employees to share the devices with family members.

,“The same computer is used by different family members for different purposes during the pandemic,” Rohan Vaidya, Regional Director of Sales – India, CyberArk, told BusinessLine.

Network protection

The US-based cyber security solutions company runs an R&D centre with 90 engineers in Hyderabad. The company offers identity security and access management solutions to organisations to help protect their networks

Each of the employees can wittingly or unwittingly sneak malware into the organisations, threatening to tarnish the reputation of the organisation or exposing them to cyber attacks, including ransomware, which has become quite rampant of late.

Organisations must focus on limiting the access to the network based on their roles.

“If you are running a Twitter account for your organisation and your device is compromised, an intruder can take that control over the Twitter account and cause a severe reputational damage for your organisation,” he said.

“We started realising that the privilege was not limited to the administrators or the IT team, but it could be for functional teams. Some people might it get for a specific task. You grant him the privilege and you never take it back,” he said.

There is no way of realising or remembering who have been given privileges. “Some employees change their roles. They might have left the organisation but the privileges are still remain with them,” he said.

Heavy deployment of cloud solutions have only complicated things. “You have something called entitlements or privileged access. It could range into something like 21,000 or 27,000 privileges a single user could get. It allows you to reconfigure, it allows you to add a lot of things,” he said.

Hackers understand this situation very well. They find and target weak links to sneak in.

Rohan said CyberArk has created a multi-factor authenticator, which facilitates managing the privileges well. “This is not just a normal multi-factor authenticator. It is an adaptive, intelligent multi-factor authenticator. It learns what the user would do,” he said.

“If I am able to take control over the administrator username and password, I am able to reconfigure the entire enterprise system the way I want it,” he said.

“If am able to take control of a domain controller, the game is over. A cyber attacker’s ultimate aim is to breach the domain password. We help organisations protect this space,” he said.

Rohan says there are two kinds of passwords that are generally used in an organisation. One is the human users who login and then there are administrative passwords that are fed into scripts, or the application identity. It could be a machine identity.