I've put together a compilation of the 2014 Security Predictions I could find. You can download the Excel sheet here if you are interested. This tag cloud summarizes the result.
So what do security experts think will keep us busy in 2014?
1. Internet of Things: As if the onslaught of mobile devices wasn't enough to worry about, you will need to look after your fridge, TV, toaster etc. Will there be a Patch Tuesday for LG or Samsung appliances? Not underestimating the threat, I don't believe it will be a major concern in 2014. My guess is that it's currently fashionable to talk about the "Internet of Things" and that's why it pops up so frequently.
2. Mobile: Mobile threats are on top of the list. Business demands access to corporate services via mobile devices (it seems to be irrelevant which case has actual business value and which doesn't) and your job is to make sure that the demand (should we call it wishes?) is met in a secure manner.
3. Cloud: Cloud uptake might have taken a hit with the NSA revelations. I'm sure Mr. Snowden will keep us busy in 2014 with new revelations, but demand for the cloud will nonetheless remain, and so will the need to secure it. On one hand, you have to work with the business units that resist the cloud due to some security concerns etc. and might be rejecting a valuable service due to a misunderstanding of the risks. On the other hand, you have end users who want to make use of every possible cloud service irrespective of those 'made up' risks that IT keeps talking about. You are just keeping them from being productive, from collaborating and communicating etc.: all those nice words that the business is unlikely to be actually measuring or attempting to measure.
4. Social Media Exploitation: Not as obvious as the previous points, but we've seen it coming. Criminals will make 'even' better use of social media in targeting their victims.
5. BYOD: It goes hand in hand with numbers two and three. Are we going to read about cases where BYOD went totally wrong and brought companies to their knees for rushing into it? Nothing to worry about. A dozen or so MDM vendors are lining up to give a helping hand with time-proven solutions that quickly adapt to the changing mobile threat landscape (sprinkled with unicorn tears...). You will probably end up using a small subset of the controls that are "reasonable" to implement because your end users don't think it's that reasonable at all. You will probably end up making exceptions because some manager's device won't comply with your policy etc. Maybe another vendor can sell us a system for managing exceptions too?
So it's mostly more of the same, happy 2014!