As many as 89% of healthcare organisations experienced a data breach in 2015. Yet we are not hearing much about these breaches from companies that host their  data and systems. None of the large cloud storage or infrastructure companies have detailed a breach since the Aurora attacks that Google did in 2009.

Experts believe that 2017 will see a major cloud supplier in the news for a significant security breach. Beyond 2017, new EU legislation, the Directive on the secuirty of network and information systems (NISD) will require security breach reporting within the European Union.

Cloud computing cyber risks 2017

In 2017, we can also expect to see malware purpose built to capture cloud services credentials, similar to the banking trojans that are able to intercept two-factor authentication input. 2017 will also see new methods of persistence established via cloud computing management profiles. This will actively present a significant challenge for understanding intrusion timelines.

Threat actors have been using cloud services for command and control channels for a few years already. There has been a continued evolution in this activity by many threat actor groups over the past two years. In 2017, we can expect to see continued development of malicious software using cloud services. However, some believe that security companies will not report on this activity for fear of losing potential clients.