Top of the list is existing vulnerabilities; the ones that have been published, the ones with patches issued 6 months ago. Coming joint first will be ingress aided by social engineering, the “click here for the latest on Brad Pitt and Angelina Jolie” or pop-up boxes with “Please enter your credentials to access xyz”.

The first bot on a kitchen appliance has already been reported. As more devices are connected to the ‘net, the more will be compromised and conscripted into the bot armies directed by techno-bandits. Baby monitors, home heating controls, solar panel generators and cars are part of IoT (internet of things).

Much more serious, is nation critical infrastructure being online, even if it supposed to be off net, you can bet that someone has connected it up via 3G, wireless, the forgotten ISDN line or even a dial-up modem. All for the sake of convenience, as convenience always trumps security, it will be a heady cocktail for someone to exploit. The technology is there, the momentum is increasing, but has the security kept up ? From past experience, I’d say not.

ATM (cash machines) will continue to be targeted, whether by skimming or wire-tapping or by re-programming by insiders or malware. Crime and criminals will always follow the money.

On the subject of corporate security failings, they’ll keep happening till the board embraces corporate responsibility for security and instils the necessary cultural changes throughout the company, from top down.