I think it's really difficult to predict a future in this space, and it's why we've seen a theme of needing to work together on sharing intelligence and looking at different ways to combat these threats, not just from the defensive perspective, but advocating for things such as what Microsoft is doing around our digital peace objectives and advocating for cyber-norms of acceptable behaviour in cyberspace so there are consequences to these actors.
Specific to your question about IoT, absolutely, that is a concern to Microsoft and many others across the industry, in that these devices are being plugged into the Internet at a prolific rate, and there isn't necessarily the structure or the organization among the vendors or even regulation around this to ensure that these devices are built and secured by design and securely operated, or even have the ability to be updated at a later point in time by the vendor. Those things are easy targets for actors to compromise and then use against either governments, critical infrastructure, Microsoft or any organization in a future cyber-attack.