The intimate nature of the metaverse and the data it creates will provide ample opportunities for cybercriminals.
When Facebook changed its name to Meta in October, the word ‘metaverse’ moved from the domain of tech geeks to the mainstream. The concept of the metaverse was popularized in the science-fiction novel Snow Crash by Neal Stephenson to refer to a digital universe that can be accessed through virtual reality. This bold, exciting space has been part of many recent works of science fiction, such as the Matrix and Ready Player One and has until recently been confined to the gaming and virtual reality space.
The power of the Metaverse
Individuals can create lifelike virtual worlds by using digital avatars, where they can immerse themselves in digital environments through AR/VR headsets. While it seems straight out of a sci-fi movie, the metaverse is already here and is deemed as the next iteration of the internet, with Facebook’s Virtual Labs division offering virtual reality headsets (Oculus Quest), which from 2022 will also include early-stage mixed reality with face and eye tracking technology.
Not just that – a long list of companies such as Alphabet, Microsoft, and Apple are also planning to lead the metaverse race. Several innovative startup companies have also been exploring the area in recent times, and sooner than later, the virtual world will become a reality for more and more people.
Analysts believe there will be a significant amount of activity in the area starting 2022. As Monish Darda, Co-founder and CTO at Icertis, believes, “The metaverse will transform the way we interact and bring our digital and physical lives together in unprecedented ways. This will not only create new businesses, but also reshape traditional businesses.”
However, the intricate nature of the metaverse and the data it creates will provide ample opportunities for cybercriminals.
The ‘Metaverse’ poses huge security risks
Experts believe some of the cybersecurity challenges with metaverse will be similar to what we are already familiar with on the internet. The continued rise of cybercrime over the past 18-24 months has revealed just how lucrative it can be to hack into a company or an individual’s online accounts. But, in addition to normal phishing, malware, and hacking that we are familiar with, the metaverse will likely bring entirely new cyber crimes because of its infrastructure.
Pankaj Sachdeva, Vice President, Innovation and India Site Leader at Pitney Bowes, highlights the plethora of security and privacy challenges the metaverse is likely to bring along with the multiple new avenues of hardware, telecom, and digital opportunities.
“The many more sensors around you collecting data, the internet connected hardware, the unregulated spaces of Crypto and NFTs, malicious smart contracts, among others bring huge risks in the Metaverse. Data security, identity management, platform compliance, cybersecurity laws will all need to be reconsidered and amended to include these potential new risks.
A key issue with the metaverse is its reliance on hardware in order to experience the platform. The metaverse is centered on external digital devices such as VR headsets that can easily fall prey to hackers if left unprotected. For example, data captured through these headsets, or any of the other wearable devices that will certainly be introduced in the future, can be very sensitive in nature. And this can be opportune for bad actors.
Shweta Berry, Head of Strategic Alliances, Marcom, Sales Enablement and CSR Divisions, at Aeris Communications, India, notes that like any other technology platform, the metaverse has data privacy and security-led issues, like verification and forging of identities, collecting, and processing of data, cyber threats, etc. that could crop up often.
“Hence, in addition to existing information security measures, organizations planning to put the metaverse on their tech roadmaps will need to establish a customized strategy with security, privacy, and ethics at the forefront,” she says.
Another interesting observation is that as the metaverse is heavily centered on the use of cryptocurrencies and non-fungible tokens (NFTS), these can be attractive targets for cybercriminals. For example, art pieces are verified and digitally tracked by being placed in the public ledger of the blockchain. But, just like in the real art world, collectors can easily be duped by replicas that are minted by cybercriminals poised as legitimate authenticators.
Keeping cyber crime out of the metaverse
While there is no one answer on how to make the metaverse a safer place, organizations should come up with new and innovative security strategies to keep cybercriminals at bay.
“As technology continues to evolve, the metaverse will be built on a foundation of contracts that are more dynamic, intelligent, and connected, bridging the virtual and real worlds to make the metaverse more relevant. Risk management and security will emerge as top priorities for CXOs who will need to focus on identifying, managing, and mitigating risk across functions in their organization. It will be critical for CXOs and Boards to leverage contracts as enterprise vehicles to understand their legal, commercial, operational, reputational, geographical, and political risks in quasi real-time,” says Darda.
“With the solid investments from large corporations and forward-looking work by startups, the Metaverse is here to stay. And it is time for CXOs to rethink their potential role in the virtually connected world,” says Sachdeva.
Increased regulation of the internet is another possibility to secure the metaverse. However, that’s not easy considering the internet remains one of the last frontiers of free speech and information. Widespread control of the internet by governmental bodies in the future therefore may not be possible as it will raise the question of ethics.
One area that needs proper attention is that the metaverse is still a vague term to most of us and needs greater clarity in terms of security and privacy aspects. Hence, education and awareness are the most effective ways for people and businesses to stay secure on the internet and, in the metaverse.
Understanding the risks inherent in online activity, and deploying the right cybersecurity resources to protect yourself and your organization are the key to remaining cyber resilient in this new digital age.