Whether it’s virtual meetings, immersive 3D customer experiences, or even facility tours, Metaverse is poised to change the way businesses operate.
Gartner predicts that by 2026, a quarter of us will spend at least an hour per day in the Metaverse for work, shopping, education, social media, and/or entertainment. Other brands such as Nike and Coca-Cola already have a presence there and use it to drive brand awareness and purchase of physical products.
With such a buzz around Metaverse, we understand better why more and more companies are starting to take interest in it. But do they think about the risks? Shouldn’t we imagine a security approach different from the physical world for the virtual world?
The security barrier of the Metaverse lies in its foundations. Metaverse is built on blockchain technology so the serious security gaps we already see in NFT markets and blockchain platforms likeOpenSea, very rare and Everscale. Given the amount of malicious activity already exploiting blockchain-based services, it won’t be long before we see the first attacks on the Metaverse. It is likely to rely on permission and user accounts will be hijacked. This is why we expect the issues of identity and authentication to occupy a central place in the debate.
However, this is tricky because people want to have multiple Metaverse identities, one for business conversations and one for personal purchases and hobbies. The operation is more complicated because there is no single identity that allows us to verify that it is you. The answer may be in the identity string. Will the blockchain then help us understand where we are transacting and with whom? This is a big challenge. And because blockchain technologies are decentralized and unregulated, it can be very difficult to combat virtual asset theft or prevent money laundering.
Interpretation of reality
Another major security challenge is the safe spaces required to carry out activities. Imagine you’re on a Zoom or Teams call. This is a private forum, but what about the Metaverse? How do we know if a person sitting in a chair is not really an avatar and that we have an impostor in our midst? We need to be able to distinguish right from wrong, and having a safe place for meetings and transactions is essential.
In the early days of the Internet, malicious cyber actors took advantage of ordinary people’s lack of technological knowledge to create malicious sites impersonating banks to obtain financial information. Phishing scams of this type still exist, although today’s forms of social engineering are more sophisticated. The Metaverse is something of a new Internet, and one can be sure that the lack of awareness of the public, businesses and consumers, will be exploited.
Interestingly, every transaction made on the blockchain is fully traceable. That is why it becomes more important, especially when there is an audit part of what is discussed and any decisions made in the business context. But there remains the question of how this information moves from the virtual world to the physical world. Will the contract be legal in Metaverse? Or should they be transferred to the physical world to be signed and then returned?
Researchers have discovered security flaws in Metaverse’s blockchain and crypto projects. Vulnerabilities exploited by cybercriminals focus on flaws in Smart Contracts that allow hackers to hack and drain cryptocurrency platforms and application vulnerabilities within blockchain platforms; they allow hackers to attack platforms and hijack users’ wallet balances. We risk rushing into the Metaverse without considering these kinds of implications.
Much of the concern about Metaverse security is exacerbated by the industry’s massive lack of cybersecurity expertise. according to’2021 (ISC)² Cybersecurity Workforce Study, we are nearly 3 million short of cybersecurity professionals and the current global workforce needs to grow by 65% to effectively protect organizations’ critical assets. This percentage is likely to see a considerable increase if we also consider the new virtual space.
Is it really worth it?
Other cybersecurity risks within the Metaverse are numerous, such as cyberattacks through the use of vulnerable augmented or virtual reality devices, which serve as gateways to emerging malware and data breaches. These tools inherently collect a lot of user data and information, such as biometrics, which makes them attractive to hackers. Skeptics of the metaverse are also increasingly concerned about data privacy. In fact, data is collected through means such as Second Life, thereby risking to violate the privacy of users.
We can ask ourselves the question of the interest of Metaverse if it shows too much risk, unfortunately, a company (regardless of its size) that does not choose Metaverse can find itself in a situation where it has to catch up and possibly lose business. However, it is possible to make a slow transition, as most cloud migrations do. There are always risks and for those who take them and succeed, the payoff can be very positive. Finally, companies cannot do this on their own, but must collaborate with organizations that work in this area. The Metaverse affects everyone, and it is undeniable that missteps will be made, similar to those made in the early days of the Internet.
The 3 main security questions related to your login to Metaverse:
1 – It will come soon. Business leaders and security professionals need to talk about this and fully understand the implications.
2 – Examine how you currently manage your services in the real world and determine if these services correspond in any way to the Metaverse. You may find that some of them are not and are not even safe in this world, for example mobile devices, tablets, cloud and multi-cloud.
3 – Learn how to do your identification and authentication correctly. Companies need to improve their strategy on these two issues. People tend to do things without thinking about safety, when it should be their priority.
By means of Adrian Wondercybersecurity expert at Check Point Software
From Bitcoin to Metavers: the current trend is a real revolution
“Metaverse crystallizes many issues in our digital industries”
According to Gartner, 1 in 4 people will spend more than an hour per day in metaverses by 2026.
Exploring the potential of the metaverse