In October last year Facebook — one of the biggest tech companies in the world — went all in on the metaverse.
Not only was there a video showing founder Mark Zuckerberg in the metaverse going from a poker game, to taking a work phone call to looking at some street art, it went as far as renaming Facebook’s parent company to Meta.
This may well be looked back on as one of the watershed moments in the birth of Web3 and the rise of the metaverse.
Inevitably and unsurprisingly, businesses and brands are now clambering to get in on the metaverse and capitalise on its vast potential.
But just as the metaverse comes with staggering potential, it also comes with substantial risks, especially from a cybersecurity and privacy point of view.
And cybersecurity needs to be a key consideration from the outset. It needs to be baked into the development of metaverse products and everything to do with Web3, and cannot be a mere afterthought, or something that comes into the picture only after a significant and damaging attack.
The metaverse will only hit the mainstream and be the revolutionary technology that it promises to be if security is ensured and placed at the forefront.
The metaverse is the next big thing in tech
In 2021 virtual real estate sales topped US$500 million ($700 million), and this is set to double this year. The metaverse is seen as a trillion-dollar opportunity, and the excitement around it has seen many companies and brands get in on the action already.
Earlier this year the Australian Open launched nearly 7000 unique pieces of generative art NFTs (non-fungible tokens), while Dolce and Gabbana has unveiled a collection of art and NFTs. Australian mobile telco Circles.Life has also recently invested in a 3D billboard above Emporium in Melbourne’s CBD, featuring 3D avatars of its customers and influencer partners.
The metaverse is likely to be a dimension in all of our lives in the future, but it will be a new dimension of cyber risk too. As much as it is a fertile breeding ground for innovation, the same applies for savvy hackers and malicious cyber actors.
Make sure cybersecurity is baked into all Metaverse plans
There is also a significant risk of companies diving headfirst into the metaverse in an effort to get there before their competitors without thinking about cybersecurity at all, or addressing the legitimate questions around privacy, theft and fraud.
We’ve already seen how enticing NFTs are for hackers, and how damaging this can be for individuals. In April last year hackers gained control of the Bored Ape Yacht Club Instagram account and sent out a phishing post, resulting in the seizing of NFTs worth an estimated $US3 million.
The metaverse is currently a free and decentralised space, with no admins and questions over how laws will be applied, making it easy to commit crime and difficult to police.
Ransomware gangs will likely thrive, and domain spoofing will be prevalent and dangerous. There is also an increased risk of phishing scams, fake marketplaces, the hacking of smart contracts and malware in Web3.
Businesses looking to jump into the metaverse need to be embedding cybersecurity and privacy-enhancing practices into all their metaverse plans, in order to protect themselves and to ensure the overall success of the technology.
How can businesses stay secure in the metaverse?
For users, endpoint protection remains crucial, as it is with Web2. This includes VPNs, proxies and anti-malware software.
With a transforming threat landscape, organisations need to be proactive to stay on top of the cyber risks, with effective threat hunting, penetration testing and monitoring.
Employee awareness training also needs to be regular and engaging, and on top of these new technologies. This will help to avoid the risks of cyberattacks such as phishing and malware.
To counter the cyber threats in the metaverse, our approach will need to be nimble, robust and willing to adjust quickly and smartly.
An added difficulty is that the very nature of the metaverse means that cybersecurity posturing will have to be seamless and frictionless. The technology hinges on being able to move quickly and easily between “universes” and activities, and cybersecurity cannot stand out as a roadblock slowing down this process.
This is also an opportunity for businesses with good cybersecurity to differentiate themselves from the crowded pack of rivals.
It will inevitably take time for regulation and lawmakers to catch up with the metaverse, and innovators in the space won’t be prepared to wait for this.
Just as it’s important to innovate and capitalise on the potential of the new technology, it’s important to innovate in terms of cybersecurity and protections now, and not wait until it’s too late.
Humans will be just as likely to make mistakes in the metaverse as they have been using digital technologies leading up it, so ongoing awareness and training will remain a cornerstone of cybersecurity. The key will be to ensure this training is augmented to account for the way people interact and communicate in the metaverse, making it relatable and effective.