Many brands are already entering the metaverse, but the cybersecurity threat is real

From virtual meetings to immersive 3D customer experiences, the metaverse will transform how companies operate. Gartner predicts that by 2026, 25% of us will spend at least one hour a day in it for work, shopping, education or entertainment. Brands like Nike and Coca-Cola are already there, driving awareness and purchasing physical products.

With so much buzz, more companies will join. But are they considering the risks? We will need a different approach to security in a virtual world, but what will that entail? 

Concerns around security in the metaverse are exacerbated by the huge skills shortage in the cybersecurity sector. The 2022-23 federal budget included high-level investments in the national cybersecurity and intelligence agency, the Australian Signals Directorate (ASD). Over the next four years, ASD will get around $4 billion to support cyber capabilities. 

But we need to start preparing now. So, let’s look at the risks and how to prepare for them.

The biggest hurdle to the metaverse being a secure environment is in its foundations. It is built on blockchain technology. There has been a sheer amount of malicious activity exploiting security gaps in NFT marketplaces and blockchain platforms such as OpenSea, Rarible and Everscale. We believe we will soon see attacks in the metaverse, likely based on authorisation and user account hijacking. So we expect identity and authentication to sit at the heart of cyber strategies.

It can be tricky, as people might want multiple identities, one for work and another for personal activities, adding a layer of complexity as no single identity says it’s definitely you. The answer could be in chained identity. Will blockchain help us understand where we’re transacting and with whom? This is a challenge, given these technologies are decentralised and unregulated, making policing the theft of virtual assets or preventing money laundering very difficult.

Redefining reality 

Another challenge is the safe spaces needed for businesses. Currently, we use private virtual call rooms, but in the metaverse, how do we know if a chair someone sits on isn’t an avatar and we have an impostor in our midst? We need to discern what’s real and fake, and having a safe space to meet and transact will be crucial.

Interestingly, every transaction on the blockchain is fully traceable, which is far more important, especially when it comes to having an audit trail of what was discussed and decided in a business context. But how will that information be taken from the virtual world to the physical? Will contracts be legally binding in the metaverse? How will that be done securely? 

Researchers discovered security gaps within blockchain and crypto projects that are part of the metaverse. Focused on smart contracts, crypto vulnerabilities, when exploited by hackers, allow them to exploit and drain crypto platforms. Inside blockchain platforms, these gaps enable cybercriminals to attack and hijack users’ wallets’ balances. 

It would be dangerous to rush headlong into the metaverse without considering these implications. 

Is it worth it? 

Other risks, such as cyberattacks via vulnerable AR/VR devices, are an entryway for evolving malware and data breaches. These devices collect large amounts of user data and information, becoming attractive to hackers. Concerns around data privacy are also growing among sceptics, with additional information being collected through avenues like Second Life, potentially violating user privacy.

You might be thinking, “why bother if there are so many risks involved?”. There will always be risks, but there will be huge rewards for those who consider them. The metaverse will hit everyone, and there’s no denying that mistakes will be made.

So it is worth putting the time in now to prepare to move across to the metaverse. Any company that doesn’t may find itself in a place where it’s playing catch up and, potentially, losing opportunities or engaging in processes that damage its businesses. 

Organisations will need to rely much more on their partners to help mitigate risk, as this is a global phenomenon. At the end of the day, though, businesses won’t be able to do it themselves; partnering with organisations that work within that space will take a great deal. 

Here are the top metaverse security considerations:

1. It’s coming. Business leaders and security professionals need to talk about it and understand the landscape by looking at what competitors are doing in that space.
2. Look at how you currently run services in the physical world and understand if they map to the metaverse. Some of them won’t and perhaps aren’t secure in this world, such as mobile devices, tablets, cloud and multi-cloud.
3. Get your identification and authentication done correctly. The answer isn’t just a password or two-factor authentication. Companies need to up their game around these issues.