VeriSign critical infrastructure that's operated by Supervisory Control and Data Acquisition (SCADA) systems -- such as electrical power transmission facilities and gas pipelines -- will see increased attacks in 2009.

Sophos warns that a sharp increase in SQL injection attacks on Web sites and an increase in scareware products are on tap, while MessageLabs predicts that phishing attacks against users of social networking sites will become more sophisticated.

For its part, expects that in 2009, social engineering techniques will increase in number, vectors and sophistication. Insider threats will grow, as will security risks related to mobility, the vendor predicts.

Within the enterprise, Network World columnist Andreas Antonopoulos that host-based security will become the focus for 2009. "The imminent release of Windows 7 and the continued interest in Mac OS and Linux as alternative desktops are once again focusing attention on operating-system and endpoint security," he says.

While security projects will struggle for funding in 2009, the pressure for businesses to stay compliant with a raft of new regulatory requirements could provide the funding excuse enterprises IT pros need. "Use compliance to push through budget requests on everything," Antonopoulos suggests. "It's 2007 all over again!"