Whether it’s virtual meetings, immersive 3D customer experiences, or even facility tours, the Metaverse is poised to transform the way businesses operate.
Gartner predicts that by 2026 a quarter of us will spend at least one hour a day in the Metaverse for work, shopping, education, social media and / or entertainment. Some brands like Nike and Coca-Cola already have a presence there and use it to increase brand awareness and purchase physical products.
With such a buzz around the Metaverse, we better understand why more and more companies are starting to take an interest in it. But do they think about the risks? Shouldn’t we imagine a security method other than the physical world for the virtual world?
The obstacle to the security of the Metaverse lies in its foundations. The Metaverse is built on blockchain technology, hence the serious security gaps we have already seen on NFT markets and blockchain platforms such asOffshore, rare And Everscale. Given the amount of malicious activity already exploiting blockchain-based services, it won’t be long before we see the first attacks in the Metaverse. It is likely to rely on authorization and user accounts will be hijacked. We therefore expect the issues of identity and authentication to occupy a central place in the debate.
However, this is complicated because people may want to have multiple identities in the Metaverse, one for business conversations and another for personal shopping and hobbies. The operation is all the more complex as there is no single identity that allows us to affirm that it is really you. The response may reside in the identity string. Will the blockchain help us understand where we transact and with whom? It is a great challenge. And since blockchain technologies are decentralized and unregulated, it becomes very difficult to fight the theft of virtual resources or prevent money laundering.
Another big security challenge is the safe spaces needed to carry out activities. Imagine you’re on a Zoom or Teams call. It’s a private meeting space, but what about in the Metaverse? How do we know if a person sitting on a chair is not actually an avatar and that we have an imposter among us? We need to be able to discern right from wrong, and having a safe space for meetings and transactions will be key.
In the early days of the Internet, malicious cyber actors took advantage of ordinary people’s lack of knowledge of technology to create malicious sites posing as banks in order to obtain financial information. There are still phishing scams of this type, although the forms of social engineering are now more sophisticated. The Metaverse is a whole new kind of Internet and you can be sure that the lack of public knowledge, both of businesses and consumers, will be exploited.
Interestingly, every transaction made on the blockchain is fully traceable. This will then become much more important, especially when it comes to having an audit trail of what has been discussed and any decisions made in a business context. But a question remains as to how this information moves from the virtual world to the physical world. Will a contract be legally binding in the Metaverse? Or will they have to be transferred to the physical world to be signed and then sent back?
Researchers discovered security holes in the blockchain and crypto projects that are part of the Metaverse. Vulnerabilities exploited by cybercriminals focus on flaws in Smart Contracts that allow hackers to hack and drain cryptocurrency platforms and application vulnerabilities within blockchain platforms; they allow hackers to attack platforms and hijack users’ wallet balances. We risk plunging headlong into the Metaverse without considering these kinds of implications.
Much of the security concern in the Metaverse is exacerbated by the huge skills shortage in the cybersecurity industry. According to’2021 (ISC) – Cyber Security Workforce Study, we are short of nearly 3 million cybersecurity professionals, and the current global workforce must grow 65% to effectively defend critical organizations’ assets. This percentage is likely to increase considerably when the new virtual space is also considered.
Is it really worth it?
Other cybersecurity risks within the Metaverse abound, such as cyber attacks through the use of vulnerable augmented or virtual reality devices, which act as gateways for evolving malware and data breaches. These devices inherently collect large amounts of user data and information, such as biometric data, making them attractive to hackers. Metaverse skeptics are also increasingly concerned about data privacy. The data, in fact, are collected through means such as Second Life, thus risking to violate the privacy of users.
We can ask the question of the interest of the Metaverse if it presents so many risks, unfortunately a company (whatever its size) that does not choose the Metaverse could find itself in a situation where it has to recover and potentially lose business. However, it is possible to make a slow transition, as many have done with the migration to the cloud. There will always be risks and for those who take them and succeed, the payoff will be very positive. Ultimately, companies will not be able to do this on their own, but will have to partner with organizations operating in this area. The Metaverse will affect everyone and it is undeniable that missteps will be made, similar to those that were made in the dawn of the Internet.
The top 3 security questions related to your entry into the Metaverse:
1 – It will arrive soon. Business leaders and security professionals need to talk about it and fully understand its implications.
2 – Examine how you currently manage your services in the real world and determine if these services match the Metaverse in any way. You may find that some of them are not and are not even secure in this world, such as mobile, tablet, cloud and multi-cloud.
3 – Find out how to correctly perform your identification and authentication. Companies need to improve their strategy on these two issues. People tend to do things without thinking about safety, when it should be their priority.
Of Adrian WonderIT security expert at Check Point Software
From Bitcoin to Metavers: the current trend is a real revolution
“The metaverse crystallizes many problems in our digital industries”
According to Gartner, 1 in 4 people will spend more than an hour a day in metaverses by 2026.
Explore the potential of the metaverse