The Metaverse: A Reality Check

Uploaded on 2022-10-05 in TECHNOLOGY--Developments, FREE TO VIEW

From virtual meetings to immersive 3D customer experiences, or even property tours, the Metaverse will transform the way that companies operate. Gartner predicts that by 2026, a quarter of us will spend at least one hour a day in the Metaverse for work, shopping, education, social media and/or entertainment. 

Some brands are already there today, such as Nike and Coca-Cola, who are using it to drive brand awareness and the purchase of physical products. It’s easy to see why more and more companies will start to do business there.  

But are they thinking about the risks? We will certainly need a different approach to security in a virtual world compared to the physical, but what will that entail?  Let’s take a look at what the risks are and how to start getting prepared, because you do need to start now. 

The biggest hurdle to the Metaverse being a secure environment is in its foundations. The Metaverse is built on blockchain technology and we have already seen serious security gaps in crypto currency marketplaces and blockchain platforms.  Due to the sheer amount of malicious activity exploiting services based on the blockchain it won’t be long before initial attacks in the Metaverse begin.

This will likely be based on authorisation in which user accounts will be hijacked, with identity and authentication being the critical attack vectors. For example, some people might want to have multiple identities within the Metaverse, perhaps one for transacting work conversations and another for personal shopping and entertainment. 
This adds another layer of complexity as there’s then no single identity that can verify it's definitely you.

The answer could be in 'chained identity' - using blockchain to  confirm who we are transacting with -  although this is a major challenge, since blockchain technologies are decentralised and unregulated, which makes things like policing the theft of virtual assets or preventing money laundering very difficult.

Redefining Reality 

Another key security challenge is in the safe spaces needed to conduct business. Imagine you’re on a Zoom or Teams call. It’s a private meeting space - but what will that be like in the Metaverse? How do we know that a chair someone is sitting on isn’t actually an avatar and we have an impostor in our midst? You may think that would be impossible, but it's a virtual world. Of course, it can.

We need to be able to discern between what’s real and what’s fake and having a safe space to meet and transact will be crucial.

When the Internet first came out, threat actors exploited the average human’s unfamiliarity with the tech by creating malicious sites that impersonated banks to obtain financial details. Phishing scams like this still occur, albeit we now see more sophisticated forms of social engineering. 

The Metaverse is like a whole new Internet, and you can guarantee that people’s unfamiliarity with it, both businesses and consumers, will be exploited.

Interestingly, every transaction that happens on the blockchain is fully traceable, so this will become far more important, especially when it comes to having an audit trail of what has been discussed and any decisions made in a business context. But that leaves a question over how that information is taken from the virtual world to the physical.

Are contracts going to be legally binding in the Metaverse? Or will they need to be brought into the physical world to be signed and then pushed back in? How will that be done securely? 

Researchers have discovered security gaps within blockchain and crypto projects which are part of the Metaverse. 
The vulnerabilities that been exploited by cyber crime are focused on vulnerabilities with smart contracts that allows hackers to exploit and drain crypto platforms and around application vulnerabilities inside blockchain platforms that allows hackers to attack through the platforms and hijack users’ wallets balance. 

There is a danger that we rush headlong into the Metaverse without considering these types of implications. 
A lot of the concerns around security in the Metaverse are exacerbated by the huge skills shortage in the cybersecurity sector. According to the 2021 (ISC) Cybersecurity Workforce Study, there is a shortage of 3 million cyber security professionals and the current global cyber workforce needs to grow by 65% to effectively defend organisations’ critical assets. That percentage is likely to be a lot higher if we also consider the new virtual world.
Is it worth it? 

Other cyber security risks within the Metaverse abounds such as cyberattacks via the use of vulnerable AR/VR devices, as an entryway for evolving malwares and data breaches. These devices inherently collect large amounts of user data and information such as biometrics, making it attractive to hackers. Concerns around data privacy are also a growing voice amongst Metaverse sceptics, with additional data being collected through avenues like Second Life, potentially violating user privacy.

You might wonder why bother if there are so many risks involved? But it is absolutely worth putting the time in now, to get ready for moving across to the Metaverse. Any company that doesn’t, may find itself in a place where it’s playing catch up and potentially losing out on business or engaging in processes that put the business at risk. 

Organisations will need to be much more reliant on their partners around the world to help mitigate risk, as this is very much a global phenomenon. But there will always be some risk and for for those that get it right, there will be huge rewards.  

Top Metaverse Security Considerations 

1.    It's coming. You can't put your head in the sand and pretend that it isn't. Business leaders and security professionals need to talk about it and understand what it might mean for them. Understand the landscape by looking at what competitors are doing in that space.

2.    Have a look at how you are currently running services now in the physical world and understand if these services map in any way to the Metaverse. You may find that some of them don't and aren't even secure in this world, such as mobile devices, tablets, cloud and multi-cloud.

3.    Understand how to get your identification and authentication done correctly. The answer to that isn't just having a password or two factor authentication. Companies need to really start upping their game around these two issues. People tend to do things without thinking about security, whereas they should be thinking of security first.

Businesses won’t be able to do it themselves, it will take a great deal of partnering with organisations that work within that space. The Metaverse will hit everyone, and there’s no denying that mistakes will be made, similar to those that were made in the early days of the Internet.  

You Might Also Read: 

Mark Zuckerberg's Vision: How AI Will Unlock The Metaverse:

 

« EU Businesses Risk Fines For Not Complying With IoT Security Rules
US Defence Needs New Software at the Centre of its Operations »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NCX Group

NCX Group

NCX Group is an Information Risk Management Firm, specializing in Information Security, Business Continuity, Incident Response & Security as a Service

Paraben

Paraben

Paraben provides digital forensics solutions for mobile devices, smartphones, email, hard drives, and gaming system.

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

ThreatMark

ThreatMark

ThreatMark provides fraud detection solutions for digital banking and payments.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

Cyber Security Audit Corp (C3SA)

Cyber Security Audit Corp (C3SA)

C3SA specializes in architecting, operating, managing and improving defensible and resilient IT infrastructures for Canada's public and private sectors.

ICS Defender

ICS Defender

ICS Defender provides a platform for promoting SCADA security knowledge along with associated services for the security of industrial control systems.

TechArch

TechArch

TechArch helps customers to optimize their investments in cybersecurity by providing them independent and vendor-neutral consultation and guidance.

FCase

FCase

FCase is an end-to-end Fraud Orchestrator which takes fraud management systems from basic, standalone detection to an enterprise-focused approach.

WhiteSource

WhiteSource

WhiteSource is the only all-in-one security, compliance, and reporting solution for managing open source components.

Cutting Edge Technologies (CE Tech)

Cutting Edge Technologies (CE Tech)

CE Tech is a Next Generation Technology Partner providing advanced technology infrastructure solutions through partnerships with leading technology providers.

Digistor

Digistor

Digistor is a leading manufacturer of industrial-grade flash storage products, secure storage products, and Removable Secure Data Storage.

Orpheus Cyber

Orpheus Cyber

Orpheus Cyber provides predictive and actionable intelligence to our clients - enabling them to anticipate, prepare for and respond to the cyber threats they face.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.