When COVID-19 hit and then started forcing massive enterprise changes in March, it caused a significant change in the enterprise threat landscape. That is even more troubling given that it all happened within a few days, which required the cutting of security corners for everything, especially the creation of remote sites.
COVID also accelerated movement to cloud—a lot faster than had been expected in January 2020. Those new remote sites, part of a gigantic flip in dataflows and personnel that turned an average 90% internal to 90% external, also opened the floodgates for orders of magnitudes more IoT devices. Even worse, these were especially insecure consumer-grade IoT devices, which typically sneaked into sensitive systems by piggybacking on VPN transmissions.