Written By: Ram Narayanan, Country Manager – ME, Check Point Software Technologies
From virtual meetings to immersive 3D customer experiences or even property tours, the Metaverse will transform the way that companies operate. Gartner predicts that by 2026, a quarter of us will spend at least one hour a day in the Metaverse for work, shopping, education, social media, and/or entertainment. Some brands are already there today, such as Nike and Coca-Cola, who are using them to drive brand awareness and the purchase of physical products. With so much buzz around the Metaverse, it’s easy to see why more and more companies will start to do business there. But are they thinking about the risks? We will certainly need a different approach to security in a virtual world compared to the physical, but what will that entail? Let’s take a look at what the risks are and how to start getting prepared (because you do need to start now).
The biggest hurdle to the Metaverse being a secure environment is in its foundations. The Metaverse is built on blockchain technology and we have already seen serious security gaps in NFT marketplaces and blockchain platforms such as OpenSea, Rarible, and Everscale. Due to the sheer amount of malicious activity that we already see exploiting services based on the blockchain, we believe it won’t be long before we start to see initial attacks in the Metaverse too. It will likely be based on authorization, and user accounts will get hijacked, so we expect that identity and authentication will sit at the heart of everything we want to do.
Another key security challenge is in the safe spaces needed to conduct business. Imagine you’re on a Zoom or Teams call. It’s a private meeting space, right? But what will that be like in the Metaverse? How do we know that a chair someone is sitting on isn’t an avatar and we have an impostor in our midst? You may think that can’t possibly happen, but it’s a virtual world. Of course, it can. We need to be able to discern between what’s real and what’s fake, and having a safe space to meet and transact will be crucial.
When the Internet first came out, threat actors exploited the average human’s unfamiliarity with the tech by creating malicious sites that impersonated banks to obtain financial details. Phishing scams like this still occur, albeit we now see more sophisticated forms of social engineering. The Metaverse is like a whole new Internet, and you can guarantee that people’s unfamiliarity with it, both businesses and consumers, will be exploited.
Cyberattacks Via Vulnerable AR/VR Devices
Other cybersecurity risks within the Metaverse abound such as cyberattacks via the use of vulnerable AR/VR devices, as an entryway for evolving malware and data breaches. These devices inherently collect large amounts of user data and information such as biometrics, making them attractive to hackers. Concerns around data privacy are also a growing voice amongst Metaverse skeptics, with additional data being collected through avenues like Second Life, potentially violating user privacy.
Organizations will need to be much more reliant on their partners around the world to help mitigate risk, as this is very much a global phenomenon. But there will always be some risk and for those that take them and get it right, there will be huge rewards. At the end of the day though, businesses won’t be able to do it themselves, it will take a great deal of partnering with organizations that work within that space. The Metaverse will hit everyone, and there’s no denying that mistakes will be made, similar to those that were made in the early days of the Internet.