- Employee awareness
- 5 min read
Regular readers of our metaverse cybersecurity insights understand that this new immersive platform brings new and sophisticated cyber threats. Unfortunately, this trend looks set to continue as more organisations trial metaverse services.
Many services and connections needed for the metaverse to thrive, and boom, have yet to be installed. For example, if you were to purchase a piece of digital land in Decentraland using cryptocurrency, you would not be able to tour the virtual space with a Meta avatar as the connective infrastructure between metaverses is still being ironed out. Such digital land is hosted on decentralised servers, so there is no real-world location for them.
In fact, an open-source community of tech industry veterans have set up the Open Metaverse Interoperability Group (OMI), to ensure that users can achieve seamless “meta-traversal”. This venture is still in its infancy and a work in progress.
Likewise, cybersecurity in the metaverse is also a work in progress … which is worrying considering the amount of business taking place in the metaverse. The metaverse’s technical cybersecurity protocols are always evolving and updating to reflect threats and risks as they are discovered. However, more work also needs to be done in relation to regulatory bodies and national laws.
Today, we will continue our foray into metaverse cybersecurity and what moves are being made to keep organisations and users safe.
Even before the metaverse, a user’s digital identity has been a contentious point of discussion and security. Nefarious individuals can fake a trustworthy identity via phishing emails, vishing calls or even text messages to gain access to physical and digital locations for illegal profit. With the metaverse, a far more immersive platform, cybercriminals can draft far more elaborate forms of identity theft and impersonation.
In TelePerformance’s metaverse analysis, Jeff Schilling (Global Chief Information Security Officer), states: “The threat of social engineering will potentially be even more effective in a 3D world, where deepfakes will be prevalent and an imposter is even more capable of tricking victims.”
So how do you protect yourself from identity mimicry on the metaverse? Schilling continues: “No matter the medium – telephone or metaverse – the best way to resist social engineering is by having a foolproof way to validate who is on the other end of the conversation.”
As a result, you need to incorporate a variety of cybersecurity measures. Metaverse identity security looks like strong passwords, biometric logins, multi-factor authentication (MFA), end-to-end encryption and more! According to the Identity Management Institute, in 2020, the global identity protection market size sat at $12.3 billion. This total is expected to double by 2025, boosted by metaverse innovations.
So, if your business is looking to move some parts of its day-to-day business into the metaverse, identity protection and verification must be a critical part of your security protocols. Once your employees and metaverse users feel safe and secure on your platform, you can then start to put further preventative measures in place.
In fact, evidence shows that only 34% of companies with a forward-thinking approach to identity protection experienced a breach, whilst a greater 54% of companies with a reactive approach to cybersecurity experienced a breach (IDSA 2020 Survey).
Very well-known forms of cyberattacks are being altered and supercharged in the metaverse. An ordinary ransomware attack in the era of Web 2.0, could result in a hefty one-off ransom being paid. In the metaverse, a ransomware attack could lead to cryptojacking; here ransomware takes over a user’s system indefinitely and uses it to mine for cryptocurrencies in the background.
We teach organisations and their employees to always remain vigilant, smart, and active when operating at work. Malware links are always looking to trick you! They do this with socially engineered emails, social media posts and even compromised physical hardware. However, with the metaverse comes more smoke and more mirrors.
Imagine, you are in a metaverse that utilises avatars and accessories. One day you receive a message with a link for free accessories or upgrades to your avatar. Because advice and verification steps have yet to be finalised on these platforms, you could fall for trojan horses hiding malicious malware.
So, whilst cybersecurity measures are catching up to new cyber threats, the law stumbles idly behind. For example, many countries have laws that prohibit gambling. Do these laws apply to the metaverse as well? Is there a physical location attached to this virtual landscape? In this instance, countries are widening the scope of their gambling regulations to incorporate metaverse platforms, otherwise they fear it may become a haven for gambling ventures.
To help organisations get started with metaverse security. We have put together some ideals to follow and protocols to put in place as a solid foundation, in addition to the advice we have shared above:
As adoption and user base grows, metaverse users will become high-value targets for cyber-attacks. If your organisation takes an active approach to new emerging cyber threats on the virtual platform, you can also be proactive in implementing security measures, protocols, and behaviours to counter them.
Security developers and managers will be at the forefront of metaverse cybersecurity as they will be learning and adapting on the job to new threats and gaps in security.
In truth, we still have a long way to go – technically, legally, and behaviourally – before we have a homogenous and secure metaverse. And even then, we must remain vigilant to even more innovative cyberthreats.
If you would like more information about how The Security Company can help deliver security awareness training, raise awareness, increase security skills, and establish a secure culture, or how we can run a behavioural research survey to pinpoint gaps in your security culture, please contact Jenny Mandley.
© The Security Company (International) Limited 2023
Office One, 1 Coldbath Square, London, EC1R 5HL, UK
Company registration No: 3703393
VAT No: 385 8337 51