darrenguccione
Contributor

What cybersecurity surprises does 2018 hold?

Opinion
Feb 14, 2018 | 5 mins
Data and Information Security, Internet of Things, Passwords

One thing's for sure: securing ourselves and our organizations will only get more difficult this year.


Bitcoin, the General Data Protection Regulation in Europe and the Internet of Things (IoT) are just three recent developments that will present security professionals with new challenges in 2018. That’s in addition to the usual raft of malware, DDoS attacks and database thefts that have dominated the headlines for some time.

To get a handle on what to expect, we asked two Keeper Security experts – Director of Security and Architecture Patrick Tiquet and Chief Technology Officer Craig Lurey – to peer into their crystal balls to find what 2018 holds. Here’s what they saw.

IoT

IoT has been on Patrick’s mind a lot lately, not just because it represents a vast expansion of the attack surface, but also because it opens whole new types of data to compromise. “Every aspect of your everyday life is potentially accessible to anyone anywhere in the world in seconds,” he says. “All your conversations can be accessed, captured and converted.”

Vulnerabilities have already been reported in voice-activated personal assistants, and attackers years ago figured out how to turn on smartphone microphones and cameras without the owner’s knowledge. “We will see a major IoT security disaster this year, and I think it will be bigger than the Dyn hack of 2016,” which originated with printers, security cameras, residential gateways and baby monitors, Patrick says.

New attack vectors

New attack vectors have also been on Craig’s mind, particularly in light of recent disclosures of hardware flaws in microprocessors. “There’ll be more activity by hackers around hardware-based attacks that go after the memory of the device,” he says. Particularly concerning is that “Spectre and Meltdown took advantage of hardware flaws but were able to abstract them to the software level.” That makes them harder to stop with conventional anti-malware protections alone. Hardware vulnerabilities may demand a whole new type of protection.

GDPR

GDPR has many people spooked because of its onerous penalties – violators can be fined up to four percent of annual revenues per incident – as well as the strict set of controls the regulation imposes upon keepers of personal information. Will the European Union enforce GDPR to the full extent of the law, or will the scope of the penalties cause regulators to pull their punches? Patrick thinks it’s the former. “It’s in the EU’s best interest to aggressively enforce the regulation,” he says. “If they don’t, then people will ignore it.” He expects the EU to penalize an assortment of large, medium and small companies “to show that just because you’re small, you don’t get to skate.”

Password alternatives

Many smartphone makers have lately been showing off alternatives to passwords, such as biometric security controls. While these technologies have some promise, they also create new targets for attackers, Craig believes. Cyber criminals will turn more attention to compromising systems that are supposedly super secure, such as two-factor authentication (2FA). “Meltdown opened up new ways to get in,” by showing how hardware can be exploited, he says. “Attackers will look for ways to sidestep 2FA.”

Emergency warning systems

Another intriguing new target for the bad guys is emergency warning systems. Just since the first of the year, citizens in Hawaii and Japan have received false notifications of impending missile attacks. In both cases, human error was the culprit, but attackers will no doubt look for opportunities to create mayhem using the same channels. Imagine the security implications of being able to clear out entire neighborhoods or cities for burglars to mine. “It’s social engineering on a large scale,” says Craig.

Blockchain

Now that the bitcoin bubble is beginning to melt away, practical applications of blockchain will emerge, Patrick believes. So will questions about the security of various blockchain-based technologies. Cryptocurrencies will be a viable medium of transactions in the future, but Patrick doesn’t believe bitcoin will be the winner. “It relies on massive amounts of electricity, and I don’t think it’s sustainable,” he says. “What makes a currency valuable over the long term is its stability. Bitcoin looks more like a Ponzi scheme right now.” As an alternative, he suggests DigiByte, which is billed as a set of “digital assets that cannot be destroyed, counterfeited or hacked.”

Our experts also shared these quick predictions:

“The security skills gap will become even more pronounced. Companies will have less time available to patch quickly, which will create even more opportunities for ransomware authors.” –Patrick

“More sites will require strong passwords and start defaulting to much longer generated passwords. There’ll be more attention paid to 2FA, but that approach will also be under fire.” –Craig

“State-sponsored hacking will grow and continue to be a concern. I don’t think it’s going away.” –Patrick

“There’ll be a lot more work around security at the software development stage. New cybersecurity degrees and programs will pop up in this area. It deserves its own field of study.” –Craig

One thing is clear from our experts’ prognostications: Securing ourselves and our organizations will only get more difficult this year.


Darren Guccione is the CEO and co-founder of Keeper Security, the world’s most popular password manager and secure digital vault. Keeper is the first and only password management application to be preloaded with mobile operators and device manufacturers including AT&T, Orange, America Movil and HTC. Keeper has millions of consumer customers, and the business solution protects thousands of organizations worldwide.

Darren is regularly featured as a cyber-security expert in major media outlets including CBS Evening News, Fox & Friends, USA Today, ABC and Mashable. Darren was a panelist at FamilyTech Summit at CES 2017 and keynote speaker at Techweek Chicago 2015. In 2014, Keeper won the Chicago Innovation Awards and in 2016 won the Global Telecoms Business Awards with Orange for Consumer Service Innovation. Darren was recently named in the Chicago Top Tech 50 by Crain’s Chicago Business.

He started the company with extensive experience in product design, engineering and development. At Keeper, Darren leads product vision, global strategy, customer experience and business development.

Prior to Keeper, Darren served as an advisor to JiWire, now called NinthDecimal. NinthDecimal is the leading media and technology service provider for the WiFi industry. He was formerly the Chief Financial Officer and a principal shareholder of Apollo Solutions, Inc., which was acquired by CNET Networks.

He holds a Masters of Science in Accountancy with Distinction from the Kellstadt School of Business at DePaul University of Chicago and a Bachelors of Science in Mechanical and Industrial Engineering from the University of Illinois at Urbana-Champaign, where he was the recipient of the Evans Scholarship and Morton Thiokol Excellence in Engineering Design Award. He was also the recipient of the Distinguished Alumnus Award presented by The Department of Industrial & Enterprise Systems Engineering. Additionally, Darren is a licensed Certified Public Accountant.

Darren is a community board member of the Chicago Entrepreneurial Center (1871) supporting the development of early stage companies and an advisor to TechStars – a Chicago-based technology incubator for innovative startups. Formerly, Darren served on the Committee of Technology Infrastructure under Mayor Richard Daley.

The opinions expressed in this blog are those of Darren Guccione and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.