I have no doubt that other security holes are hiding in old, fundamental Internet protocol programs, and we'll find out about them the hard way in 2015.
Finally, let's not forget good old human error. Logins and passwords are also being swiped by cyber-crooks from companies all the time As former FBI director Robert Mueller said this summer, "There are only two types of companies -- those that have been hacked, and those that will be."
Even the tech elite are vulnerable. Earlier in December, ICANN, which oversees DNS, was hacked. The attacker got access to user information, including email and postal addresses. ISC, makers of BIND, the world's most popular DNS software, also got hit, but we don't know what, if any, information was taken from the site.
Ever since I got into technology, security has been an afterthought. Security is what you do after you've been hacked and you've fired your CIO. 2015 is the year that attitude catches up with us.
I don't know how or when it will happen, but I do know what will happen. There will be a DDoS attack, probably exploiting some zero-day vulnerability of a fundamental Internet program. It will be big enough that it won't just knock some company or small country off the Internet; everyone in the world will feel its effects. And it may or may not make use of information stolen from a major IT company or Internet service body.
2015 will be the year our Internet security laziness will catch up with us. Frankly, I'll be happy if I'm dead wrong about this, but I don't think I am.
Sign up for CIO Asia eNewsletters.