I think last year was a huge wake up call. I mean, you had IT admins, they're suddenly finding themselves managing remote employees, right? And they're using a variety of different company-owned stuff, and they started using their personal devices. They're downloading and installing software from wherever.
Think of it from an IT sysadmin or CTO or CIO's perspective last year, just asking yourself questions like this. You know, how secure is every home of your remote employee? That'll keep you up at nights. What are they downloading? Are they using their work computer to access bad websites?
Are they using personal devices to access sensitive company information? Are they patched? Are they in an apartment building where you can see 20 Wi-Fi SSIDs, and they're using old security protocols for their Wi-Fi's? Is their router username admin and their password password, you know? There's just so much out there.
OK. Well, we'll just put everything on the VPN. Well, when all of the sudden you mushroom the amount of people who have access to your VPN, how are you going to handle that? There's just an enormous amount of stress that was put on our admins last year. Got to love them for all they did.
The key is that just it added so many more attack vectors. And the bad guys, they were taking advantage of the lack of control caused by this big flood of unknown devices hitting their network from pretty much anywhere. You know, lots of unknown places.
So yeah, you're dramatically more exposed to risk. The thing is, it wasn't as much new problems, I don't think, as much as compounding the existing known problems. But if they were practicing good IT security practices and they were dramatically less exposed-- the good news, honestly is that there is good news out there. People are more aware of it.
But most of this isn't rocket science or new stuff. It's not like there's some evil genius who's sitting in a bunker somewhere developing a new way to introduce ransomware or to cause a data breach. A lot of it's just basic IT hygiene, you know? But the key was to keep ahead of it by automating as much as possible, particularly things like your vulnerability assessment and your patching.