IT Security and the metaverse
by Tina Siering
Image source: Google
IT security requirements in the metaverse
Augmented reality, virtual reality, interactions via avatar - everything can be experienced in the metaverse and the development is constantly progressing. Only time will tell what the metaverse will actually mean for companies and their IT security. There are many dissenting voices and concerns - one issue that is already much discussed today is insufficient data protection. The metaverse would enable companies to collect many times the amount of data about users that has been available on the internet up to now, with insufficient protection.
What is the metaverse or metaverse?
The metaverse is a portmanteau word consisting of the terms "meta" and "universe". The term meta stands for a "higher level" or "a superior level" - so read in combination, the metaverse is a higher level of the universe. Broken down from the almost philosophical level to the technical level, the metaverse is a future trend that turns today's internet into a borderless space by combining the physical world with the digital world into one. Unlike today's internet users, the users of the future will no longer act as mere consumers, but will actively shape the digital space in the form of avatars. If the visions of the tech platforms behind the metaverse approach are anything to go by, the boundaries between the virtual and real worlds will even increasingly dissolve in the near future.
Web 3.0 and metaverse tools: Companies in particular have high hopes
The transformation from a vague idea at best to a concretely usable business field took only a few years. Although the metaverse is still primarily a playground for tech-savvy early adopters, it is already certain that the higher the level of awareness of the metaverse, the greater the acceptance will be in all strata of the population. More users mean for companies: Broader target group. Companies promise themselves great opportunities, especially for marketing, not least because it offers reliable access to first-party data: Exceptional brand experiences are still highly valued for customer loyalty. Numerous companies are already represented in the metaverse with their own presences and use it for marketing purposes. Currently, it is primarily NFTs - non-fungible tokens - that are used by companies for customer loyalty measures. An NFT is a unique, irreplaceable token that represents any item on the blockchain. From art to real estate, NFTs are multi-purpose, tamper-proof and unique to only one user. In the metaverse, companies use NFTs in different ways, for example as exclusive access to content in video games, digital upgrades and, of course, unique digital art objects. Companies operate in the metaverse primarily out of an interest in Big Data: in particular, it is about the huge pool of customer data that is being filled more and more through the use of the metaverse. Marketing departments desperately need this information to drive personalisation and ultimately customer centricity in the sales funnel.
What are the dangers in the metaverse?
The financial services provider Citi sees a market in the metaverse that will have five billion users by 2030 - and a value of a staggering 13 trillion US dollars. Analogous to the Clearnet, one will also encounter cyber risks in the metaverse that will be very similar to today's threats, such as phishing, malware and ransomware attacks, fakes and disinformation campaigns. The sheer volume of detailed, private data is already attracting cybercriminals. The number and quality of cyberattacks in the metaverse can be expected to increase exponentially with user numbers. The spread of malware could be facilitated, for example, through the use of insecure Wi-Fi networks, and money laundering could be enabled through overpriced virtual Metaverse real estate. Arkose Labs, a specialist fraud prevention and online account security company, recognised as early as 2022 that Metaverse businesses are exposed to 40% more human cyber attacks and 80% more bot attacks than 'conventional' online businesses.
A risk that exists for every user and has nothing to do with cybercrime per se: Privacy as we still know and appreciate it today no longer exists in the metaverse. The operators of the virtual worlds inevitably gain a deep, detailed insight into the behaviour and actions of the users.
Cyber attacks in the metaverse are therefore primarily aimed at identity theft.
The motive of the cybercriminals:
Fraud, spam and rip-off microtransactions, which are common and widely used in the Metaverse. AR applications, one of the most fascinating new possibilities of the virtual world, often have extensive access to users' location data, store user behaviour and shopping habits.
The major risks of the future will mainly concern privacy and data protection. Consequently, the digital twins should be effectively protected against data misuse or identity theft.
Security researchers predict that a kind of darknet will also develop in the metaverse. Areas that are shielded from law enforcement - and allow cybercriminals a safe space.
To sum up: There will be extremely valid data collections in the Metaverse. However, the urgently needed data protection is not yet in place, at least with the current forecast. Security expert Michael Bruemmer, Head of Global Data Breach Resolution at Experian, compares the Metaverse to the "Wild West" [https://www.csoonline.com/de/a/das-metaverse-wirft-neue-sicherheitsfragen-auf,3674406] and urgently points out the lack of regulations and standards to protect sensitive data in the best possible way.
Together with their CISOs, companies should already start dealing with the new risks for their business data in the metaverse. Because even though the metaverse is still in its infancy, it will continue to grow - and timely consideration of cybersecurity measures should accompany that growth. Are you planning a virtual branch in the metaverse? Be sure to plan for the various disciplines for comprehensive IT security from the outset.
Finally, some practical tips for IT managers, CIOs and CISOs that should not ONLY apply to future activities in the metaverse:
- Review the security architecture of the Metaverse platforms and applications you use.
- Ensure that you only use trusted applications and platforms that use security certificates and encryption technologies.
- Make your staff aware of the importance of cyber security and ensure that they are regularly trained to recognise security-related threats in the metaverse.
- Use strong passwords and enable two-factor authentication wherever possible.
- Avoid using public Wi-Fi networks and keep devices, applications, and systems up-to-date with regular patch management..
- Security audits and penetration tests support the timely identification of vulnerabilities in your IT systems.