Whether it’s virtual meetings, immersive 3D customer experiences, or even facility tours, the Metaverse is poised to transform the way businesses work.
Gartner predicts that by 2026, a quarter of us will spend at least an hour a day in the Metaverse for work, shopping, education, social media, and/or entertainment. Some brands such as Nike and Coca-Cola already have a presence there and are using it to drive brand awareness and purchase of physical products.
With such a buzz around the Metaverse, we better understand why more and more companies are starting to take an interest in it. But are they thinking about the risks? Shouldn’t we imagine a different security method for the virtual world than the physical world?
The obstacle to the Metaverse’s security lies in its foundations. The Metaverse is built on blockchain technology hence the serious security gaps we have already seen in NFT marketplaces and blockchain platforms such asOpen sea, special and Everscale. Given the amount of malicious activity already using blockchain-based services, it won’t be long before we see the first attacks in the Metaverse. It is likely that it will rely on authorization and user accounts will be hijacked. Therefore, we expect the issues of identity and authentication to be central to the debate.
However, this is tricky because people may want to have multiple identities in the Metaverse, one for business conversations and another for personal purchases and hobbies. The operation is all the more complicated because there is no identity with which to confirm that it is indeed you. The answer may lie in the identity string. Will blockchain then help us understand where we transact and with whom? It’s a big challenge. And since blockchain technologies are decentralized and unregulated, it becomes very difficult to fight virtual asset theft or prevent money laundering.
Redefining reality
Another major security challenge is the safe spaces required to conduct activities. Imagine you’re in a Zoom or Teams conversation. It’s a private meeting space, but what about the Metaverse? How do we know if a person sitting on a chair is not in fact an avatar and that we have an impostor among us? We need to know right from wrong, and having a safe space for meetings and transactions will be critical.
In the early days of the internet, malicious cyber actors took advantage of ordinary people’s lack of technological knowledge to create malicious sites posing as banks to obtain financial information. Phishing attacks of this type still exist, although forms of social engineering are now more sophisticated. The Metaverse is something of a whole new internet, and one can be sure that the lack of public knowledge, both businesses and consumers, will be exploited.
Interestingly, every transaction on the blockchain is fully traceable. This will therefore become much more important especially when it comes to having an audit trail of what has been discussed and all decisions made in a business context. But a question remains about how this information gets from the virtual world to the physical world. Will a contract be legally binding in the Metaverse? Or do they have to be transferred to the physical world to be signed and then returned?
Researchers have discovered security flaws in blockchain and crypto projects that are part of the Metaverse. The vulnerabilities that cybercriminals are exploiting focus on flaws in smart contracts that allow hackers to hack into and purge cryptocurrency platforms and application vulnerabilities within blockchain platforms; they allow hackers to attack platforms and hijack users’ wallet balances. We risk running headlong into the Metaverse without considering these kinds of implications.
Many of the security concerns in the Metaverse are exacerbated by the massive skills shortage in the cybersecurity industry. According to’2021 (ISC)² Cybersecurity Workforce Survey, we are short of nearly 3 million cybersecurity professionals and the current global workforce needs to grow by 65% to effectively defend organizations’ critical assets. This percentage will probably increase considerably if we also consider the new virtual space.
Is it really worth it?
Other cybersecurity risks within the Metaverse abound, such as cyberattacks through the use of vulnerable augmented or virtual reality devices, which serve as gateways to evolving malware and data breaches. These devices inherently collect large amounts of user data and information, such as biometric data, making them attractive to hackers. Metaverse skeptics are also increasingly concerned about data privacy. Indeed, data is collected by means of, for example, Second Life, which means that there is a risk that the privacy of users will be violated.
We can ask what the importance of the Metaverse is when it carries so much risk, unfortunately a company (no matter the size) that doesn’t choose the Metaverse could end up in a situation where it has to catch up and possibly do business must lose. However, it is possible to make a slow transition, as many have done with the migration to the cloud. There will always be risks and for those who take them and succeed, the payoff will be very positive. Ultimately, companies will not be able to do this alone, but will have to work with organizations that are active in this field. The Metaverse will affect everyone, and there’s no denying that mistakes will be made, similar to those made in the early days of the Internet.
The 3 most important security questions regarding your access to Metaverse:
1 – It’s coming. Business leaders and security professionals need to talk about it and fully understand the implications.
2 – Examine how you currently manage your services in the real world and determine if these services match the Metaverse in any way. It may be that some of them are not and not even safe in this world, e.g. mobile devices, tablets, cloud and multi-cloud.
3 – Learn how to do your identification and authentication correctly. Companies need to improve their strategy around these two issues. People tend to do things without thinking about safety when that should be their priority.
_________________________
Through Adrian Wondercyber security expert Check Point software
READ ALSO
From Bitcoin to Metavers: the current trend is a true revolution
“Metaverse crystallises many problems in our digital industries”
According to Gartner, 1 in 4 people will spend more than an hour a day in metaverses by 2026.
Exploring the potential of the metaverse