
Craig Spiezle, executive director & president of Online Trust Alliance (OTA)
Randy Sanovic, owner of RNS Consulting; former general director, information security of General Motors
Rich Mogull, founder of Securosis
Gerhard Eschelbeck, CTO & SVP at Sophos
Daniel Kennedy, research director, TheInfoPro, a division of The 451 GroupQ
What threat vectors will be most prominent? Why?

Sanovic: My first worry would be malicious hackers and bots. The environments that concern me most are mobile computing and social technology. For example, to somewhat secure Facebook could require at least 105 clicks, and most people, including the more technical-oriented, will not get it done. Because of the pervasiveness of mobile computing, and the fact that technological advances continue to outpace reasonable and prudent security fixes, I feel we will not be able to get “user friendly/capable” security solutions implemented in a timely fashion.
Mogull: What's prominent in terms of attacks? The same stuff as today: email and web phishing/social engineering. In the press releases? Whatever the vendors want to sell that you probably don't need: a lot of mobile device and cloud hype. I expect a lot of iOS headlines this year, and a lot of Mac hype. Not that Macs are immune, but the hype will far outweigh the number of people being compromised. And, while cloud security is important, most of what you'll see is “cloudwashing” of traditional security stuff. People will really have to keep hunting for the innovation (which is there, just not from your usual vendors).

Kennedy: Enterprises are concerned about trends associated with IT consumerization – personnel bringing in their own devices – and how to handle that in all of its manifestations (smartphones, laptops, etc.) while still protecting custodial and intellectual property data.