Managing an expanding attack surface in the post-COVID era