Bitcoin, the General Data Protection Regulation in Europe and the Internet of Things (IoT) are just three recent developments that will present security professionals with new challenges in 2018. That’s in addition to the usual raft of malware, DDoS attacks and database thefts that have dominated the headlines for some time.

To get a handle on what to expect, we asked two Keeper Security experts – Director of Security and Architecture Patrick Tiquet and Chief Technology Officer Craig Lurey – to peer into their crystal balls to find what 2018 holds. Here’s what they saw.

IoT

IoT has been on Patrick’s mind a lot lately, not just because it represents a vast expansion of the attack surface, but also because it opens whole new types of data to compromise. “Every aspect of your everyday life is potentially accessible to anyone anywhere in the world in seconds,” he says. “All your conversations can be accessed, captured and converted.”

Vulnerabilities have already been reported in voice-activated personal assistants, and attackers years ago figured out how to turn on smart phone microphones and cameras without the owner’s knowledge. “We will see a major IoT security disaster this year, and I think it will be bigger than the Dyn hack of 2016, which originated with printers, security cameras, residential gateways and baby monitors,” Patrick says.

New attack vectors

New attack vectors have also been on Craig’s mind, particularly in light of recent disclosures of hardware flaws in microprocessors. “There’ll be more activity by hackers around hardware-based attacks that go after the memory of the device,” he says. Particularly concerning is that “Spectre and Meltdown took advantage of hardware flaws but were able to abstract them to the software level.” That makes them harder to stop with conventional anti-malware protections alone.
Hardware vulnerabilities may demand a whole new type of protection.

GDPR

GDPR has many people spooked because of its onerous penalties – violators can be fined up to four percent of annual revenues per incident – as well as the strict set of controls the regulation imposes upon keepers of personal information. Will the European Union enforce GDPR to the full extent of the law, or will the scope of the penalties cause regulators to pull their punches? Patrick thinks it’s the former. “It’s in the EU’s best interest to aggressively enforce the regulation,” he says. “If they don’t, then people will ignore it.” He expects the EU to penalize an assortment of large, medium and small companies “to show that just because you’re small, you don’t get to skate.”

Password alternatives

Many smart phone makers have lately been showing off alternatives to passwords, such as biometric security controls. While these technologies have some promise, they also create new targets for attackers, Craig believes. Cyber criminals will turn more attention to compromising systems that are supposedly super secure, such as two-factor authentication (2FA), he believes. “Meltdown opened up new ways to get in,” by showing how hardware can be exploited, he says. “Attackers will look for ways to sidestep 2FA.”

Emergency warning systems

Another intriguing new target for the bad guys is emergency warning systems. Just since the first of the year, citizens in Hawaii and Japan have received false notifications of impending missile attacks. In both cases, human error was the culprit, but attackers will no doubt look for opportunities to create mayhem using the same channels. Imagine the security implications of being able to clear out entire neighborhoods or cities for burglars to mine.
“It’s social engineering on a large scale,” says Craig.

Blockchain

Now that the bitcoin bubble is beginning to melt away, practical applications of blockchain will emerge, Patrick believes. So will questions about the security of various blockchain-based technologies. Crypto currencies will be a viable medium of transactions in the future, but Patrick doesn’t believe bitcoin will be the winner. “It relies on massive amounts of electricity, and I don’t think it’s sustainable,” he says. “What makes a currency valuable over the long term is its stability. Bitcoin looks more like a Ponzi scheme right now.” As an alternative, he suggests Digibyte, which is billed as a set of “digital assets that cannot be destroyed, counterfeited or hacked.”

Our experts also shared these quick predictions:

“The security skills gap will become even more pronounced. Companies will have less time available to patch quickly, which will create even more opportunities for ransomware authors.” – Patrick

“More sites will require strong passwords and start defaulting to much longer generated passwords. There’ll be more attention paid to 2FA, but that approach will also be under fire.” – Craig

“State-sponsored hacking will grow and continue to be a concern. I don’t think it’s going away.” – Patrick

“There’ll be a lot more work around security at the software development stage. New cybersecurity degrees and programs will pop up in this area. It deserves its own field of study.” – Craig

One thing is clear from our experts’ prognostications: Securing ourselves and our organizations will only get more difficult this year.