Exploring the evolving security challenges within the metaverse

Dr. Francis Gaffney, director – Mimecast Labs & future operations at Mimecast, explores the evolving security challenges that will take place within the metaverse

In July 2021, Meta CEO Mark Zuckerberg re-introduced us to the concept of the “metaverse”, an interconnected virtual universe that promises to allow its users to immerse themselves in content rather than just viewing it. Touted for being able to add a new dimension to our lives, this VR world offers opportunities that are potentially world changing, both for consumers and organisations.

Zuckerberg’s vision to create a VR world that could change the way we connect or work with people has garnered huge interest, especially from brands or companies that are actively seeking new ways to expand their presence within the digital landscape.

This environment aims to allow humans to interact socially and economically as avatars in a cyberspace, which acts as a kind of metaphor for the real world, breaking down its physical or economic barriers. Therefore, many see the metaverse as the future of the internet, which is sometimes referred to as ‘Web 3.0’.

Business opportunities within the VR world

The metaverse is a digital universe that moves beyond the internet we know today. This vision for the future state of the web has the potential to transform our social interactions, business dealings, and the internet economy at large.

Although the adoption of the technology is currently enjoyed mainly by those in the gaming community, Gartner predicts that by the year 2026, more than 25% of people will spend at least an hour everyday shopping or socialising within the metaverse. This comes as good news, especially since the pandemic has radically changed the way businesses operate.

Adopting remote or hybrid working models has enabled many organisations and their employees to explore the digital realm to perform work, host events, and to even connect or socialise with their co-workers, especially during times of isolation.

While video conferencing tools such as Zoom and Slack have gained popularity in recent times, they still lack the innovation to alter one’s physical reality. Through the metaverse, businesses are now keen to explore the scope of this virtual space and how it can enhance the digital experience for various stakeholders, including the customers as well as the employees.

For instance, in March 2021, Microsoft indicated its interest in the metaverse space with Mesh, which is designed to be used mainly in the Teams environment and aimed at allowing organisations to create metaverses for people to collaborate in.

It is, therefore, no wonder that many businesses are now looking to invest or establish their presence within this interconnective virtual platform to make the most out of its immersive experience offering. Reflecting this potential opportunity, according to a market report produced by Kraken, it was found that NFT-linked cryptocurrencies were by far the best performing group of digital assets in November 2021, rising by 42% as interest in the metaverse increased.

However, as we explore new ways to connect online, the cyber security risks associated with this new technological revolution should not be underestimated.

Cyber security concerns surrounding the metaverse

While the virtual platform promises to offer a plethora of opportunities for businesses to transform the way they operate, we cannot discuss the metaverse without addressing or including cyber security challenges.

Although most of these threats are very similar to the ones we encounter on the internet today, tackling these problems in a virtual environment is an additional headache for many organisations. Some of the main issues that businesses could potentially encounter within this virtual space include:

  1. Security challenges concerning currency exchanges: Much like the multiple national currencies that already exist in the real world, the metaverse will use its own currency or cryptocurrency. While crypto as a digital currency is set to develop over time, it could also lead to significant increase in “money laundering” attempts within the metaverse’s virtual economy. As these digital currencies are set to evolve, uncertainties surrounding their transferability from one metaverse to another and a lack of provision for secure exchanges between buyers and sellers could lead to the exploitation of the newly developed financial system by threat actors.
  2. Increase in scams and other fraudulent activities: At present, the metaverse poses significant security challenges as most of its users value interconnectivity and their user experience over intrusive online safety measures. This could exacerbate the security concerns or privacy issues that already exist within social media. Considering the inherent challenges imposed by web domains to govern or control areas beyond traditional national borders, the metaverse could also present itself as an unregulated environment to cyber criminals. Not having proper measures in place to protect the safety of its users means that it could become increasingly difficult for one to identify or recognise scammers or hackers who may use this as an opportunity to impersonate other entities or individuals.
  3. Safeguarding young users or new generations of digital natives: As with online games, the metaverse’s virtual environment is set to become very popular among children or young digital natives, who are also prone to being victimised by abusers and scammers present within these digital communities. In fact, a recent investigation conducted by BBC News found that the virtual design of the metaverse allows children to be easily exposed to racial abuse and sexual harassment. Although most of these virtual platforms are supposedly age restricted to prevent children from using it without adult supervision, it does not stop them from joining virtual worlds for shopping or entertainment. And since VR applications are created to offer a real-life experience to their users, they also hold the potential to inflict emotional trauma amongst children by exposing them to grooming and other harmful experiences.

Safely navigating through the metaverse

When it comes to the implementation of new tech tools within the work environment, organisations tend to focus on the opportunity, and security is considered as an afterthought. Enthralled by the newness of the experience, businesses and individuals tend to undervalue the importance of safeguarding themselves from various types of cyber security breaches that comes along with the adoption of these new technologies.

Hence, organisations must realise that although the metaverse presents itself as an unconventional new way of doing business, it also holds significant potential for hackers to commit cyber crimes and exploit businesses and individuals operating across the platform.

And while cyber authorities, and the tech industry in general, have a responsibility to amend current security policies and educate businesses about the various implications of the cyber risks that exist within these virtual platforms, organisations must also review their existing cyber security strategy to better protect the safety of everyone involved within the metaverse.

In fact, to help protect against the unknown threats the metaverse concept could present to an organisation, it is best to adopt a defence-in-depth strategy, which can allow businesses to add multiple layers of security control throughout their IT system.

This strategy allows businesses to examine all the various elements of data transfer and communication (email, web, apps, messaging) along with the physical network, building environments, and the highly vulnerable human factors. It also brings to light the need to offer appropriate cyber security awareness training to ensure that all employees within an organisation are well-prepared to face prevalent cyber security threats inside the metaverse.
Overall, from enabling researchers to conduct extensive social experiments to allowing marketers to carry out product demos and events, if implemented properly, the metaverse holds the potential to blur the lines between in-person and virtual experiences.

Written by Dr. Francis Gaffney, director – Mimecast Labs & future operations at Mimecast


Accommodating the influx of data in the metaverse — Guido Meardi, CEO and co-founder of V-Nova, discusses how metaverse stakeholders can accommodate the pending influx of data to drive value.

What will it take to stop fraud in the metaverse? — Alexey Khitrov, CEO at ID R&D, discusses what metaverse stakeholders will need to consider when it comes to preventing fraud.

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at stubbenedge.com