Security predictions for 2012 point to trends towards ever more sophisticated attackers and away from the PC-centric desktop.

Trend Micro has come up with the prediction, which cover four main categories - big IT trends, mobile landscape, threat landscape, and data leaks and breaches.

Trend Micro's chief technology officer, Raimund Genes, said that what these predictions mean are that users in 2012 will need to continue moving towards a more data-centric model for effective security and privacy as they embrace consumerisation, virtualisation, and the cloud.

Among big IT trends, the Bring-Your-Own-Device (BYOD) era is here to stay. As more and more corporate data is stored or accessed by devices that are not fully controlled by IT administrators, the likelihood of data loss that are directly attributable to the use of improperly secured personal devices will rise. IT will definitely see incidents of this nature in 2012.

Another prediction is that attacks specifically targeting virtual machines (VMs) and cloud-computing services remain a possibility. Attackers will find no immediate need to resort to these because conventional attacks will remain effective in these new environments.

Virtual and cloud platforms are just as easy to attack but more difficult to protect. The burden will thus fall on IT administrators, who have to secure their company's critical data as they adopt these technologies. Patching a big array of virtualised servers is a challenge, allowing hackers to hijack servers, to fork traffic, and/or to steal data from vulnerable systems.

In the mobile landscape, smart phones and tablet platforms, especially Android, will suffer from more cyber-criminal attacks. Since smart-phone usage continues to grow worldwide, mobile platforms will become even more tempting cyber-criminal targets. The Android platform, in particular, has become a favourite attack target due to its app distribution model, which makes it completely open to all parties. We believe this will continue in 2012 although other platforms will also come under fire.

To date, mobile platform threats come in the form of malicious apps. Moving forward, Trend Micro said it expects cyber-criminals to go after legitimate apps as well. They will likely find either vulnerabilities or coding errors that can lead to user data theft or exposure. Compounding this further is the fact that very few app developers have a mature vulnerability handling and remedy process, which means the window of exposure for these flaws may be longer.

On the threat landscape, even though botnets will become smaller, they will grow in number, making effective law enforcement takedowns more difficult to realise. Botnets, the traditional cyber-crime tool, will evolve in response to actions taken by the security industry. The days of massive botnets may be over. These may be replaced by more, albeit smaller but more manageable, botnets.

Smaller botnets will reduce risks to cybercriminals by ensuring that the loss of a single botnet will not be as keenly felt as before, Trend Micro said.

Hackers will eye non-traditional targets so flawed Internet-connected equipment, ranging from SCADA [supervisory control and data acquisition] heavy industrial machinery to medical gadgets, will come under attack.

Cyber-criminals will find more creative ways to hide from law enforcement. Cyber-criminals will increasingly try to profit by abusing legitimate online revenue sources such as online advertising. This will help them hide from the eyes of both law enforcement and anti-fraud watchdogs hired by banks and other financial agencies.

For data leaks and breaches, more hacker groups will pose a bigger threat to organisations that protect highly sensitive data. Organisations will have to deal with this new threat and to increase their efforts to protect vital corporate information.

The new social networking generation will redefine "privacy". Confidential user information is ending up online. The new generation of young social networkers have a different attitude towards protecting and sharing information. They are more likely to reveal personal data to other parties such as in social-networking sites. They are also unlikely to take steps to keep information restricted to specific groups such as their friends. In a few years, privacy-conscious people will become the minority - an ideal prospect for attackers.

As social engineering becomes mainstream, server message blocks will become easy targets. To date, the craftiest social engineering ploys have been directed against large enterprises. However, cyber-criminals are now so adept at social engineering that the effort to target companies individually - big or small - is becoming less costly, according to Trend Micro.

New threat actors will use sophisticated cyber-crime tools to achieve their own ends. Targeted attacks will continue to grow in number in 2012.

More high-profile data-loss incidents via malware infection and hacking will occur in 2012. High-profile attacks will continue to hit major organisations in 2012. Important and critical company data will be extracted through malware infection and hacking. As a result, significant data-loss incidents will ensue, potentially affecting thousands of users and their personal information. These incidents can result in significant direct and indirect losses to concerned parties, according to Trend Micro.