A man uses virtual reality to enjoy metaverse platforms

Source – Shutterstock

Are metaverse platforms leaving the door open for cybercriminals?

  • More than $120 billion has been invested in building metaverse infrastructure and technology in the first five months of 2022
  • There will be a range of digital touchpoints with differing levels of protection in this metaverse

It’s understandable why the metaverse is a hot topic at the moment. It promises a 3D representation of the internet, where virtual reality (VR) and mixed reality provide a limitless escape. Tech behemoths are already in motion and vying with one another to offer the best metaverse platforms.

Metaverse, which creates a space parallel to the real world where people can live rich digital lives, essentially turning dreams into reality. People may hang out with friends, shop for real or virtual goods, play and create games, buy and monetize real estate, and much more.

It’s obvious that the metaverse has the potential to be the source of the upcoming digital upheaval. According to McKinsey & Company, more than $120 billion has been invested in building metaverse infrastructure and technology in the first five months of 2022. That is more than twice the $57 billion that was invested in 2021 as a whole.

Even though the metaverse seems fantastic and thrilling, one question that people have is, “How secure is the metaverse?

Jacqueline Jayne, Security Awareness Advocate at KnowBe4 shares her views with Tech Wire Asia about cyber security in the metaverse, specifically how companies can protect themselves and remain secure in the metaverse.

With an explosion of apps and data, what are the additional security challenges metaverse platforms will face? What can be done at this stage to ensure metaverse platforms are resilient enough?

I think we will see similar security challenges manifest in the metaverse platforms. Before speaking about these challenges, I would like to outline the many different spaces inside the metaverse. While the definition is still evolving, the metaverse basically encompasses digital worlds that can be found in games, spaces like Decentraland, Sandbox, Roblox, etc, it also includes virtual reality spaces that can be accessed through VR headsets similarly, there can be augmented reality spaces that can be accessed through apps, browsers and other means on the phone or other devices, the metaverse also includes digital assets whether they are in the form of NFTs or otherwise and in the metaverse there are a plethora of digital coins and currencies. Many discussions about the promise of digital ownership include being able to transfer digital assets across platforms and commercialize them in different ways.

With this said, when discussing the security challenges, I think we can expect to see varying levels of security across the different digital touchpoints in this metaverse. For platforms, whether they are a game, a seller of goods, or the host of a virtual world, it will be important to design their environments and experiences with security in mind. Platforms will have to make sure they are helping users make the right choices when authenticating their digital identities and using digital assets. The rapid acceleration of the metaverse and the excitement bring many people flocking to open accounts on different platforms and obtaining digital wallets. Metaverse platforms will need to find ways to educate their users about scams and best practices for using their platform.

What creators of technologies and experiences in the metaverse can do at this stage to ensure their platforms are resilient enough is to anticipate the many security breaches, leaks, scams and attacks that have already been experienced in Web 2.0. In other words, anticipate that scammers will attempt to steal credentials, digital wallet access, digital assets, etc and implement security by design for the platforms from the beginning. However, resiliency doesn’t stem from good design and robust code alone. Resiliency stems from its users as well. Platforms should seek to find ways to constantly educate their users on what malicious behavior on their platform looks like and how to avoid it.

Will the malicious cyber activity be worse in an immersive virtual setting?

I don’t know that it would be “worse”, but I believe we should be able to anticipate the same malicious cyber activity as we have seen before. For example, we have already seen scammers on Discord who are in legitimate groups and post links that look like the authentic link but have one letter that is off. Victims think they are buying an NFT that will give them access to a community but instead, they go to the wrong page and pay for an NFT that never makes it to their wallet.

How will a lack of interoperability in platforms and virtual environments impact security? What is a workaround to the problem? 

Everything in the Web 3.0 / metaverse / smart device infrastructure world is new and developing fast. Because of this there will constantly be changes with new features, creating new ways for hackers to socially engineer users. So platforms will need to be very clear about any new log-in mechanisms and ways that digital assets are managed and how digital money is exchanged on their platform. Apart from this, different platforms will have different ways they operate, this inconsistency will be a challenge for users, as something that they understood to be secure in one platform may be less secure in another platform. Similarly, different platforms will have different authentication mechanisms. Now is the perfect time for platforms to engage in conversations about how digital identities, avatars and assets can be moved, used and traded across different platforms. Both from a standardization perspective and a security perspective.

However, as we start to increase the amount of time we work, play and socialize in the metaverse, we will need to develop a collective security culture around these new technologies. I would argue that the time has come for higher digital literacy levels across all members of our society.

Will any aspect of cybersecurity we see today be easier to control and manage in the metaverse?

Because the blockchain is transparent, stolen cryptocurrency and digital assets are easier to track. Finding the identity of who it belongs to is the challenge. However, the transparency of the blockchain has made some aspects of financial fraud easier for law enforcement.

Other than the blockchain aspects, it is hard to say what would be easier as the fundamental aspects of code, authentication and social engineering still apply. In other words, there will still be zero-days in code, there will be attempts to hack through authentication mechanisms and however the platform works, there will be social engineers trying to hack the human element, and of course, there will still be malicious actors who will try to hack employees of these platforms.