How companies can guard against new cyberthreats that may emerge as a result of the metaverse

With the recent buzz of the metaverse, there seems to be some anticipation with companies to see all that it has to offer, but while companies wait, they must also ensure adequate security to guard against the cyber threats that may come with it.

Seeing that the metaverse would be making use of avatars, companies need to understand that these avatars can be manipulated by hackers, and the result of this could cost a lot.

According to the head of the industry intelligence group at CyberMedia Research, a research and consulting firm, Prabhu Ram, avatars can be hacked and there could be deepfakes.

Deepfakes are digital characters that have been modified to appear or sound like someone else.

Companies like Meta, previously known as Facebook, and Ralph Lauren have been racing to take the lead in embracing the metaverse in recent months. But, until cyber-threats in the metaverse are handled, these businesses may not achieve the success they desire.

Currently, there has been a sudden rise in cybercrimes all around the world even as cybersecurity agencies are doing their best to curb the menace.

Check Point, a cybersecurity firm, estimated a 50% rise in overall attacks per week on business networks in 2021 compared to the previous year. As companies hurry to establish a presence in the metaverse, not all will be aware of the full extent of the hazards that this new environment poses, according to Ram.

He said “Since the contours and potential of metaverse are yet to be fully realized, the overt concerns around privacy and security issues in the metaverse remain confined to only a few ‘tech-aware’ companies. Also adding that “As new attack vectors emerge, they will require a fundamental realignment of today’s security paradigms to identify, verify and secure the metaverse.”

User identity and privacy measures were identified as crucial aspects for interacting and transacting in the metaverse by JPMorgan in a white paper released in February.

Safeguarding of one's identity

According to the white paper, “Verifiable credentials should be easily structured to enable easier identification of fellow community or team members, or to enable configurable access to varying virtual world locations and experiences.”

The head of security engineering for Asia-Pacific and Japan at Check Point Software Technologies, Gary Gardiner concurred with it.

He believes that the same attitude that applies to internet security should be extended to the metaverse and that security procedures should be user-friendly.

Gardiner said people are looking at blockchain for user identification or tokens that might be issued by an organization, or biometrics in a headset you're wearing so there's that degree of confidence so you truly know who you're talking to.

He also proposed that small exclamation marks be placed above the head of an avatar to indicate that they are untrustworthy.

Breach of personal information

A major concern in the real world, which is the invasion of user privacy by digital companies,  may also make its way into the virtual reality realm. As users leave data trails across the metaverse.

For example, in the 2018 Facebook and Cambridge Analytica incident, millions of users' data were collected and used without their knowledge. If rigorous rules are not put in place to protect users, there may be even more data available for these firms to feed on in the metaverse.

Organizations can capture data such as head and eye movement or speech when users wear gadgets like virtual reality headsets, according to Philip Rosedale, founder of Second Life, an online environment where people can hang out, eat, and shop virtually.

That is, we can tell it's you wearing the device in a matter of seconds. This is a potentially major privacy issue for the virtual world, he warned.

The way forward

Microsoft co-founder Bill Gates predicted in a blog post in December that within the next two to three years, most virtual meetings will move to the metaverse.

Gardiner feels that well-trained employees are essential for organizations to operate properly in the metaverse. He said, “The weakest point in any organization from a cybersecurity perspective is the user.”

Users that have that level of training and comprehension of what is suspicious will be in a better position if an attack occurs in the metaverse, he added.

Rosedale and Gardiner agreed that safeguarding privacy is ultimately dependent on the security platforms and safety models that the metaverse provides for businesses. Even as firms push to employ risk mitigation methods.

Rosedale used LinkedIn as an example, saying that users will need to be able to use a web of trust to exchange information with others to develop trust more quickly.

You may examine whether you have friends in common with someone new by identifying people you trust and sharing that knowledge with other trustworthy people, he said.

According to Gardiner, organizations interested in the metaverse's architecture will need to collaborate to create a single standard that will allow security mechanisms to be deployed efficiently.

“The foundation of the metaverse has to be done well because if the foundation is weak and it’s not done well, people will lose confidence in the platform and we’ll stop using it.” he said.