When Facebook rebranded as Meta in the autumn of last year, the concept of the Metaverse took a big step out of the realm of fantasy and into the possibility of becoming part of our everyday lives.
Christopher Boyd is a Senior Threat Researcher at Malwarebytes.
Motivated largely by a relative lack of understanding for what exactly is meant by the term, the Metaverse poses a host of new and unknown threats, particularly when it comes to cybersecurity.
Learning from the past
Much like when you play a new video game - as you progress through the levels you are confronted with different realms offering new and ever more sinister threats - the Metaverse can be understood as a new realm of reality, bringing with it an array of uncharted dangers. In a similar vein to how many didn’t perhaps appreciate the explosion in popularity of online gaming during the 7th generation of consoles 15 or so years ago, today we continue to fail to appreciate (or at least underestimate) the significant risks that could be posed by the Metaverse down the line in these early stages of adoption.
So, as organizations attempt to capitalize on the wave of popularity that has accompanied its introduction, rogue entities are increasingly likely to target the relatively new, insecure systems that the Metaverse requires to function. With the average cost of a data breach now estimated at £3.35 million already, it seems this metric will only rise as we integrate Metaverse technologies into more of our day-to-day processes.
Building a ‘battle strategy’
Individuals and businesses need a ‘battle strategy’ to make sure they are equipped to take on the cybersecurity threats that will surface with the advent of AR and VR via the Metaverse. It’s by no means a guarantee that these emerging technologies will seamlessly form part of our core infrastructures – in fact, threat actors will be looking for any opportunity to take advantage of an organization unfamiliar with their workings. We can’t just sit back and observe these new wonders transforming society as we know it – individuals and businesses need to troubleshoot these threats proactively.
What’s more, protection needs to be robust at both the software and firmware level, particularly as threat actors become even more sophisticated. In 2021, Global Data found that businesses were rarely discussing the cybersecurity impact of the Metaverse as they were too distracted by the hype surrounding NFTs, Crypto, AR and VR. Indeed, Cisco has gone so far as to refer to the Metaverse as the cybersecurity ‘Wild West’. Ultimately, businesses need to focus on bolstering the cybersecurity measures they have in place - and fast - as doing so could mean the difference between survival or demise.
The rise of advertising
The Metaverse is being spearheaded by major tech conglomerates such as Microsoft and Facebook, so as hype continues to grow, it’s worth considering how businesses are seeking to benefit from this space, and whether it’s genuine. One vertical through which it is helpful to frame the issue is advertising. Facebook has a long-standing public desire to display adverts through VR, which when carried out through the Metaverse, may pose a number of risks for privacy and security.
Companies need to carry out a complete strategy overhaul when it comes to advertising and digital marketing in the Metaverse. Though with this comes great opportunity, there is also a serious security risk as a lack of standardization leaves room for error or manipulation. Advertisement companies are already coming under fire for their disregard for privacy, and it seems this issue could become even more widespread with the advent of the metaverse.
Data privacy in the Metaverse
With cybercrime expected to cost the world $8 trillion dollars by 2025, it’s safe to say that existing cybersecurity threats will find their way into the Metaverse as well. The internet has already granted malicious individuals a range of weak points to target, which means that as ‘Big Tech’ continues to dominate, more opportunities will similarly open up as organizations navigate unknown territory with minimal protection.
As the Metaverse becomes a reality and ultimately it will bring with it a wider surface for attack: notably, wearable hardware to facilitate the overall experience. With this kind of tool, the sharing of sensitive data will become far more simple since the makeup of Metaverse technologies allows for increased data accessibility - this is problematic. Unregulated data sharing which will likely take place in the formative years of the Metaverse creates grave risk for all users, be they an organization or an individual.
Beware the ‘no-man’s land’
As a result of these existing and new threats, it is non-negotiable that companies will need to be proactive and strategize effectively. However, there's no getting around the fact that new and constantly evolving technologies like these will put businesses at a significant disadvantage. Though we can assume cyber threats will continue to present themselves in the form of DeFi fraud, more personal and sensitive data breaches and the targeting of financial institutions, it’s impossible to predict how exactly these will unravel in a functional Metaverse.
At its core, the Metaverse is likely to quickly become a dynamic entanglement of different technologies - with more connection points comes a greater scope for threat actors. As the Metaverse arrives in the mainstream, the process of finding effective cybersecurity solutions to these new threats may take years so there’s no time like the present. Ultimately, businesses need to proactively implement measures to protect themselves and their customers today – or risk a ‘new world’ of dangers tomorrow.
