Metaverse resilience through cybersecurity and governance

As Australian businesses start to enter the metaverse, research from the US found that attacks targeting metaverse pioneers have increased by 40% in Q1 2022, compared with Q4 in 2021. Although the metaverse provides innovative new opportunities across a vast variety of industries, there is still a significant lack of understanding about what the metaverse really means, which is leaving early adopters exposed from a security perspective.

The metaverse describes many internet-based real-time virtual spaces that can be used for work and social experiences, often using avatars. This might still sound like a sci-fi concept, but the technology is real and businesses are already starting to take their first virtual steps into the metaverse. Yesterday’s fantasy is rapidly becoming today’s virtual reality.

The numbers support this, too. The metaverse has been valued as a US$800 billion market opportunity by Bloomberg, prompting many Australian organisations to consider the opportunities the metaverse could provide for their operations.

Enterprises are already enabling extended reality applications so that customers can browse through their virtual ‘physical’ spaces and learn more about their services or retail offerings. Healthcare providers can see 3D images of the human body to facilitate diagnoses and treatments. First responders can conduct exercises in simulated environments to be prepared to manage real-time triage and containment challenges. The list of potential use cases is nearly infinite, as is the opportunity ahead.

Big opportunities usually come with proportionate risks, and metaverse opportunities are no different. A study from the World Economic Forum found that Australians believe that metaverse application will significantly impact virtual learning (65%), digital health resources (61%) and digital entertainment in virtual reality (60%) over the next 10 years. As familiarity with the metaverse intensifies, so too does the potential for trust. As such, the metaverse will need rules to govern security, data collection and storage, and regulatory compliance.

Businesses need to consider their security at all levels and ensure that this can be, and is, maintained no matter where assets travel, but also the security and safety of users of their products and services accessed within the metaverse.

Regulation and governance

In an abstract economy, where metaverse experiences create opportunities for people to function across various channels on the internet, a system of regulation and governance with recognised intermediaries is essential to ensure supervision and build confidence. For example, financial transactions conducted via smart avatars will generate data, thus questions arise about how that data should be processed and governed and what contracts need to be in place to ensure privacy.

Information derived from digital assets and interactions — whether technical or sociological — must be governed, and users must be protected from malicious or manipulative use of their data. One method of doing this is through data access and usage transparency. This is theoretically possible by using immutable records to capture data access and utilisation which, when decentralised (as in blockchain) could provide democratised access to monitor and govern the behaviour of those wanting to use the data. Additionally, the concept of ownership and monetisation in a metaverse space can be democratised through capabilities such as non-fungible tokens used in a blockchain.

Security concerns

The proliferation of data generated by the metaverse amplifies the risks associated with data breaches and cybersecurity attacks. And because you’re transacting in a virtual environment, there are potentially greater risks of identity theft and impersonation. Legitimate concerns include counterfeit non-fungible tokens and fake avatars, which could reveal sensitive information and enable unwanted access to cryptocurrency wallets and blockchain scams from phoney financial organisations.

In addition to the governance-related concerns described above, some of the main security threats are associated with identity, data and privacy. Identity thefts — such as impersonation attacks, unauthorised and stolen identity, and unauthorised interoperability linkage — can occur in a metaverse. Data-related threats are very similar to those that exist today, such as tampering, spoofing, false data injection and so on.

Ensuring privacy is even more important in a metaverse because user behaviour can be captured at a more granular level than in the physical world. In addition to the types of malware attacks we see in the web 2.0, there are more chances of ‘Sybil attacks’ — where one hacker can pretend to be many identities at the same time.

As such, it is important to develop a ‘security and privacy by design’ mindset as the number of interactions and the related proliferation of data needs to be appropriately secured. Also, the algorithms that are powering metaverse experiences are constantly learning, which creates a further complexity that will need to be monitored and protected. The task of protecting organisational assets, data and people is massive and will need to be shared by those working on technologies supporting metaverse experiences and the users, as well as the government bodies that provide regulation on the data flow between them.

Educating employees

While a metaverse is about our experience with the internet of the future, web 3.0 is about how the future of the internet will be built. Companies building with web 3.0 need to ensure that their employees have the skills and tools to identify internal and external threats and take appropriate action to reduce security risks. In the past, countless companies have lost consumer trust due to a lack of security and secure practices within web 2.0 applications. All employees need to be educated and equipped with the right information to help ensure personal and business safety and prevent data proliferation and leaks. Organisations need to implement an educational approach at the very start of their journey into building with web 3.0 and creating interaction paradigms in a metaverse.

Why metaverse experiences matter

The world is facing numerous ongoing and escalating problems such as climate change and economic inequalities against the backdrop of the recent pandemic. Metaverse experiences create an environment that can help companies, governments and social enterprises address these headline topics through immersion and enhanced collaboration.

However, there is a widespread need for education and consultancy, especially as innovation continues to outpace regulation.

Web 3.0 is already being used to enable many of the new metaverse interaction paradigms for customers, investors and employees, while governments will be able to use it to better communicate with their citizens. But lingering, legitimate concerns about governance and security are tapping the brake on progress. Partnering with organisations that have the tools, experience and expertise can help to ease the journey to safely and confidently create metaverse interactions that solve pressing business, social and environmental problems.

Image credit: ©stock.adobe.com/au/ipopba