But if the past is any guide, nobody will see the top 2011 security stories coming. A look at the top news stories of 2010 shows that the incidents that really captured the public’s attention were the ones that nobody predicted. Here are a five of the top, unpredicted stories from the past year.
1. Google gets hacked
In January, Google surprised everyone by admitting that it had been hit with a targeted cyber attack, now known as Aurora. Security insiders know that cleaning up hacked computers is just a cost of doing business today, but nobody predicted that a company like Google would voluntarily come forward and admit that it had been breached.
The Aurora incident wasn’t a simple drive-by download. According to people familiar with the incident, hackers got deep inside Google’s IT and were able to get control of critical internal systems. Nobody knows who pulled off the attack, but Google and the U.S. Department of State seem to think that it came from China.
The Aurora hackers had also targeted at least 30 other major companies, and Google’s public admission put the cyber-espionage problem squarely on the corporate agenda.
2. A worm targets critical industrial systems
All of that changed in July 2010, when a little known Belarus company called VirusBlockAda discovered a strange and very sophisticated worm on computers in Iran. The more we learned about Stuxnet, the more incredible it seemed: a piece of malware that was written by people who could master both zero-day Windows vulnerabilities and obscure SCADA programming techniques, that sought out very specific industrial systems and then tried to destroy them.
There’s a growing consensus that Stuxnet was built by a nation-state attacker aiming to damage Iran’s nuclear program.
3. Russia busts hackers
Computer crime is a semi-legitimate business in countries like Russia and Ukraine. So long as the criminals don’t harm locals, they’ve generally been allowed to operate with impunity, bringing millions of western dollars into local economies.
Even the Ukraine, long considered one of the safest havens for computer criminals, rounded up some of the alleged leaders of one of the worst Zeus crimeware gangs.
4. And the hackers get off with a slap on the wrist
Unfortunately, Russia and Ukraine’s actions are symbolic, rather than punitive. The mastermind behind one of the most lucrative computer attacks in history, Victor Pleshchuk, got off with probation. Sure, he had to pay back the stolen money, but if you don’t even get jail time for an US$8.9 million heist, is there really any reason for criminals to think twice about hacking into a bank? In Ukraine and Russia, the masterminds behind Zeus are still on the loose, despite the fact that about a hundred low-level operatives were rounded up in the U.K. And the alleged pharma-spammer, Igor Gusev, apparently fled the country before he could be brought into custody.
5. Anonymous gets taken seriously
If you’re an angry teenager with some free time on a Saturday night, and you’re mad at Visa or MasterCard because they won’t process payments for WikiLeaks, there’s something you can do to pass the time. You can call yourself Anonymous and get some free publicity for 
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com