a reality for all companies

Whether it’s virtual meetings, immersive 3D customer experiences or even facility tours, Metaverse is poised to transform the way businesses operate.

Gardener predicts that by 2026, a quarter of us will spend at least an hour a day in the Metaverse for work, shopping, education, social media and/or entertainment. Some brands such as Nike and Coca-Cola already have a presence there and use it to promote brand awareness and purchase of physical products.

With such a buzz around Metaverse, we better understand why more and more companies are starting to take an interest in it. But do they think about the risks? Shouldn’t we imagine a different security method than the physical world for the virtual world?

The obstacle to the security of the Metaverse lies in its foundation. Metaverse is built on blockchain technology and therefore the serious security holes we have already seen in NFT marketplaces and blockchain platforms such asOpenSea, rare and Everscale. Given the amount of malicious activity already leveraging blockchain-based services, it won’t be long before we see the first attacks in the Metaverse. It is likely that it will rely on authorization and user accounts will be hijacked. Therefore, we expect the issues of identity and authentication to occupy a central place in the debate.

However, this is difficult because people may want to have multiple identities in the Metaverse, one for business conversations and another for personal purchases and hobbies. The operation is all the more complex as there is no single identity that allows us to confirm that it is actually you. The answer may lie in the identity string. Will blockchain then help us understand where we trade and with whom? It is a big challenge. And since blockchain technologies are decentralized and unregulated, it becomes very difficult to combat virtual asset theft or prevent money laundering.

Redefines reality

Another major security challenge is the secure spaces needed to carry out activities. Imagine you’re on a Zoom or Teams call. It’s a private meeting place, but what about in the Metaverse? How do we know if a person sitting on a chair is not really an avatar and that we have an impostor among us? We need to be able to distinguish right from wrong, and having a safe place for meetings and transactions will be crucial.

In the early days of the Internet, malicious cyber actors took advantage of ordinary people’s lack of knowledge of technology to create malicious websites posing as banks to obtain financial information. Phishing scams of this type still exist, although forms of social engineering are now more sophisticated. The metaverse is something of a brand new internet, and you can be sure that the lack of public knowledge, both companies and consumers, will be exploited.

Interestingly, every transaction made on the blockchain is fully traceable. This will therefore become much more important, especially when it comes to having an audit trail of what was discussed and any decisions made in a business context. But there is still a question about how this information moves from the virtual world to the physical world. Will a contract be legally binding in the Metaverse? Or do they need to be transferred to the physical world to be signed and then sent back?

Researchers have discovered security flaws in blockchain and crypto projects that are part of Metaverse. The vulnerabilities exploited by cybercriminals focus on flaws in Smart Contracts that allow hackers to hack into and drain cryptocurrency platforms and application vulnerabilities within blockchain platforms; they allow hackers to attack platforms and hijack users’ wallets. We risk rushing headlong into the Metaverse without considering these kinds of implications.

Much of the concern about security in the Metaverse is exacerbated by the huge skills shortage in the cybersecurity industry. According to’2021 (ISC)² Cybersecurity Workforce Study, we lack nearly 3 million cybersecurity professionals, and the current global workforce needs to grow by 65% ​​to effectively defend organizations’ critical assets. This percentage is likely to see a significant increase if we also consider the new virtual space.

Is it really worth it?

Other cybersecurity risks within the Metaverse abound, such as cyberattacks through the use of vulnerable augmented or virtual reality devices that act as gateways to evolving malware and data breaches. These devices inherently collect large amounts of user data and information, such as biometrics, which makes them attractive to hackers. Metaverse skeptics are also increasingly concerned about data privacy. In fact, data is collected using means such as Second Life, which risks violating users’ privacy.

We can ask ourselves the question of Metaverse’s interest if it poses such a big risk, unfortunately a company (regardless of size) that does not choose Metaverse can find itself in a situation where it has to catch up and potentially lose business. However, it is possible to make a slow transition, as many have done by migrating to the cloud. There will always be risks, and for those who take them and succeed, the payoff will be very positive. Ultimately, companies will not be able to do this on their own, but will need to collaborate with organizations working in this area. The metaverse is going to affect everyone, and it’s undeniable that missteps will be made, similar to those made in the early days of the Internet.

The 3 most important security questions related to your access to Metaverse:

1 – It will come soon. Business leaders and security professionals need to talk about it and fully understand the implications.

2 – Examine how you currently manage your services in the real world and determine if those services are in any way equivalent to Metaverse. You may find that some of them are not and not even secure in this world, for example mobile devices, tablets, cloud and multi-cloud.

3 – Learn how to perform your identification and authentication correctly. Companies need to improve their strategy around these two issues. People tend to do things without thinking about safety when it should be their priority.
____________________

By Adrian Wondercyber security expert at Check Point Software

ALSO READ

From Bitcoin to Metaverse: The current trend is a real revolution

“Metaverse crystallizes a lot of problems in our digital industries”

According to Gartner, 1 in 4 people will spend more than an hour a day in metaverse by 2026.

Exploring the potential of the metaverse

Leave a Comment