Whether it’s virtual meetings, immersive 3D customer experiences, or even facility tours, Metaverse is poised to transform the way businesses operate.
Gartner predicts that by 2026, a quarter of us will spend at least an hour a day in the Metaverse for work, shopping, education, social media and/or entertainment. Some brands like Nike and Coca-Cola already have a presence there and use it to drive brand awareness and purchase of physical products.
With such a buzz around Metaverse, we better understand why more and more companies are starting to take an interest in it. But do they think about the risks? Shouldn’t we imagine a different security method from the physical world for the virtual world?
The obstacle to the security of the Metaverse lies in its foundations. Metaverse is built on blockchain technology, hence the serious security gaps we have already seen in NFT markets and blockchain platforms such asThe open sea, rare AND Everscale. Given the amount of malicious activity already exploiting blockchain-based services, it won’t be long before we see the first attacks on the Metaverse. It will likely rely on authorization and user accounts will be hijacked. This is why we expect issues of identity and authentication to take center stage in the debate.
However, this is complicated because people may want to have multiple identities in the Metaverse, one for business conversations and another for personal purchases and hobbies. The operation is even more complicated as there is no single identity that allows us to assert that it is really you. The answer may lie in the identity string. Will blockchain then help us understand where we transact and with whom? It is a big challenge. And since blockchain technologies are decentralized and unregulated, it becomes very difficult to combat theft of virtual assets or prevent money laundering.
Another big security challenge is the safe spaces needed to carry out the activities. Imagine you’re on a Zoom or Teams call. It’s a private dating space, but what about in the Metaverse? How do we know if a person sitting in a chair is not actually an avatar and that we have an imposter in our midst? We need to be able to distinguish right from wrong and having a safe space for meetings and transactions will be crucial.
In the early days of the Internet, malicious cyber actors took advantage of ordinary people’s lack of technology knowledge to create malicious sites that posed as banks to obtain financial information. Phishing scams of this type still exist, although the forms of social engineering are now more sophisticated. The Metaverse is something of a whole new Internet, and it can be sure that the public’s lack of knowledge, both businesses and consumers, will be exploited.
Interestingly, every transaction made on the blockchain is fully traceable. Therefore, this will become much more important, especially when it comes to having an audit trail of what was discussed and every decision made in a business context. But a question remains as to how this information moves from the virtual world to the physical world. Will a contract be legally binding in the Metaverse? Or will they have to be transferred to the physical world to be signed and then returned?
Researchers have discovered security flaws in blockchain and crypto projects that are part of the Metaverse. Vulnerabilities exploited by cybercriminals focus on flaws in smart contracts that allow hackers to hack and download cryptocurrency platforms and application vulnerabilities within blockchain platforms; they allow hackers to attack platforms and hijack users’ wallet balances. We risk rushing headlong into the Metaverse without considering these kinds of implications.
Much of the concern about security in the Metaverse is exacerbated by the severe skills shortage in the cybersecurity industry. According to’2021 (ISC)² Cybersecurity Workforce Study, we have nearly 3 million cybersecurity professionals and the current global workforce needs to grow by 65% to effectively protect organizations’ critical assets. This percentage is likely to increase significantly if we also consider the new virtual space.
Is it really worth it?
Other cybersecurity risks within the Metaverse abound, such as cyberattacks through the use of vulnerable virtual or augmented reality devices, which serve as gateways for the development of malware and data breaches. These devices essentially collect large amounts of user data and information, such as biometrics, making them attractive to hackers. Metaverse skeptics are also increasingly concerned about data privacy. In fact, data is collected by tools such as Second Life, thus risking to violate users’ privacy.
We can ask ourselves the question of the interest of Metaverse if it presents so much risk, unfortunately, a company (whatever its size) that does not choose Metaverse may find itself in a situation where it has to catch up and potentially lose business. . However, it is possible to make a slow transition, as many have done with cloud migration. There will always be risks and for those who take them and succeed, the payoff will be very positive. After all, companies will not be able to do this on their own, but will have to cooperate with organizations working in this field. The Metaverse will affect everyone, and it is undeniable that missteps will be made, similar to those made in the early days of the Internet.
Top 3 security questions about your Metaverse login:
1 – Coming soon. Business leaders and security professionals need to talk about this and fully understand the implications.
2 – Examine how you currently manage your services in the real world and determine if these services correspond in any way to Metaverse. You may find that some of them are not and are not secure in this world, for example mobile devices, tablets, cloud and multi-cloud.
3 – Learn how to correctly identify and authenticate yourself. Companies should improve their strategy around these two issues. People tend to do things without thinking about safety, when it should be their priority.
from Adrian Wondercyber security expert at Check Point Software