The metaverse is a new reality and platform that brings both opportunities and challenges. Today’s cyber security threats are likely to persist in this new era, presenting a challenging and multi-valent threat landscape, which in turn will require robust and innovative security solutions.
To develop security solutions tailored to the threats arising from metaverse ecosystems, organizations must work with IT leaders and CIOs to continuously develop new security strategies and define the current threat landscape.
The metaverse can be exploited in much the same ways security leaders already see the internet being exploited, but in three dimensions, says Padric O’Reilly, co-founder of risk management firm CyberSaint.
This ranges from spoofing, phishing, and identity fraud to malware, ransomware, social media abuse, and watering hole attacks.
“Consider the number of storefronts or virtual experiences that can be woven, the number of new form field entries, and the number of bad URLs that exist,” he says. “Conceptually, if the metaverse was driven by the avatar, there could be some kind of kidnapping during gameplay, or some kind of double spawning; identity theft takes on a whole new meaning, really.”
A new level of anonymity
Corey Klein, senior cybersecurity advisor at nVisium, an application security provider, points out that the metaverse offers a new level of anonymity for individuals who interact with each other.
“This is not a new issue in the metaverse, where people have dealt with conversation integrity since the dawn of social interaction on the Internet,” he says.
However, with more and more social and workplace interaction taking place in places known as the metaverse, a new level of awareness is required to ensure that you are actually talking to the person you think you are.
John Bampnik, principal threat hunter at Netenrich, a SaaS security and operations analytics company, agrees, noting that nearly all cybersecurity threats begin or are reinforced by deception of the individual.
“Ultimately, I think most of the crimes that happen in Metaverse will surround deception toward individuals,” he says. “Romantic scams involve huge financial losses but are almost completely ignored when companies consider cybersecurity risks.”
For most social media companies, he explains, ensuring that individuals actually exist (i.e. not bots) and are authentic (i.e. not scammers running 20 accounts) will still be an issue.
“Social media companies aren’t too far behind in dealing with this issue, seeing the news about the use of bots on Twitter,” says Bampnik. “This problem will only expand relentlessly into the metaverse.”
The need for a zero-trust architecture
O’Reilly says a zero-trust architecture and more legal protections are needed to ensure the security of experiences and transactions in the metaverse.
In his view, blockchain technology is too power-averse, and without a central authority that upholds the so-called strict data integrity of the blockchain, it will remain vulnerable.
“Security rating companies, like us for third-party risk now, will be important to individuals in the metaverse,” he adds. “Security policy, in the absence of a central authority, will vary from party to party. This is similar to what I see in risk management, which is a serious range of maturities in terms of policies and procedures.”
He believes that there will not be a single monolithic “security policy”, but that the major content providers are more likely to create and advertise their approach – which means overall security is likely to be patchy.
Bampnik notes that to the extent that big tech companies consider the risks of emerging technologies, the risks they consider are risks to themselves, not often their users.
“The pattern of large companies simply outsourcing their risks to their user base will continue for the foreseeable future,” he adds.
With concepts of the metaverse powered by NFTs and blockchain technology, Klein adds, there is likely to be an increase in accompanying “pump and dump” schemes aimed at funneling funds from unsuspecting users.
“In addition, there is a risk of various phishing campaigns being carried out in a more open environment,” he says. “After all, most people would expect to see a cartoon character talking to them in a metaverse font; perhaps in a modified voice.”
This means that threat actors may not need to carry out complex and fake phishing exercises when all they need is a username, avatar, and voice close to the target.
Furthermore, employers need to be alert when interviewing in the metaverse, because prospective employees could send in “reserves” for interviews.
“In general, fraud may become more prevalent in the new environment,” warns Klein.
Security focus should be on individuals
Ultimately, the cybersecurity issue will never be resolved until we can protect the individual outside the umbrella of the company’s security program, says Bampnik.
“There must be entities working to keep people safe while they use social media companies or there must be effective laws and regulations on tech companies that require them to create secure environments,” he says.
O’Reilly says that if the metaverse is going to live up to even a portion of its hype, security will have to be provided from the start.
“That is, it should be part of the concept, as we see in best practice software development lifecycles,” he explains. “There should be some kind of internet charter from the biggest participants that stresses transparency and laws for individuals. Cyberspace is everyone’s responsibility in the future.”