Why The Metaverse Is Our Chance To Play Cybersecurity Catch-Up

Ian McShane, VP of Strategy at Arctic Wolf explores….

Whether you’re the eternal believer or the dismissive cynic, there is no doubt the concept of the metaverse is the hot topic dominating many conversations across the technology industry right now. When the word ‘metaverse’ started dominating the news cycle, I immediately thought of the dystopian futures where a new reality was needed to distract us from the misery of the real world, just like Ready Player One.

Initially, this felt like a left-field, alternate fantasy that primarily had its place in the worlds of gaming and film. Now, in a very short space of time, the reality is the metaverse is now being tipped as this next incarnation of the internet, and huge companies around the world are investing vast sums of money in it. The headline face is Facebook, as they go big on the metaverse being the future of their social media juggernaut. Meanwhile, Nike has also made a number of acquisitions to become ‘metaverse ready’, we’re starting to see real estate change hands, and in finance, the banks are hedging their bets on a virtual world future.

Even Microsoft jumped at the opportunity to jump on the bandwagon, claiming their acquisition of Activision will “provide building blocks for the metaverse.” Unsurprisingly, and completely in line with the rest of the metaverse narrative, they didn’t provide any further details on what that means.

While there is much hype and expectation, there are still many aspects of the metaverse that need to be understood. Breaking out of the technology and marketing bubbles, does everyone really understand what this could mean for our lives going forwards? An interesting recent study looked at the range of questions being asked by people on Google, and I think this is a real indicator of the ‘continued unknown’ about what the metaverse means. If a large proportion of people don’t have a full understanding of this now, how can we effectively prepare for the next wave of cybersecurity dangers this will bring?

With this new digital world trying to infiltrate our lives further, there are some obvious red flags from a cybersecurity point of view that we need to consider. Naturally – and setting my incredible scepticism aside for now – like others in our industry I have immediate concerns and questions about security and privacy, despite the limited ‘ordinary person adoption’ of what is currently a ‘bleeding edge’ tech trend.

However, I also believe this presents an opportunity for many organisations globally to play cybersecurity catch-up and invest properly in their operations. Anyone collecting and storing personally identifiable information, and no doubt selling the data and insights, has a moral and legal obligation to get data protection and privacy right. If now isn’t the time to prioritise data and cyber security, then I don’t know what is! Many businesses must view the metaverse and new steps in augmented reality as another compelling reason for prioritising cybersecurity investment and planning.

This doesn’t need to mean companies have to purchase a range of tools and platforms that no one knows how to use. Instead, the key to improving security operations can be a really smart investment into their existing workforce talent. If businesses can upskill the right employees already within the walls of their organisation, and bolster knowledge on the rapidly evolving threat landscape the metaverse presents, this will go a long way to prepare them for what’s coming. Businesses can then supplement these team skills with the technology and expertise of a suitable security partner to get the balance right.

Digging a little deeper, it’s important we start to consider what security challenges the metaverse could present, and what type of knowledge needs to be acquired. A real indicator of adoption will be the criminal activity aligned to this world. Sticking with my film analogies, there is every chance this world could quickly become a new avenue for cybercrime, just like Lawnmower Man or Hackers. That’s because most descriptions of the metaverse sound like VR ‘worlds’ where you buy and interact with things that don’t exist in reality. Although they don’t exist in ‘reality’ and are supposed to be part of a decentralised chain of custody, it’s important we remember that these things remain linked to an individual’s real-world wealth and identity, despite being obscured to provide anonymity.

In other ways, the NFT / web3 world is likely to be prime space for scams and scammers to operate as well. NFTs and metaverse products are already attracting people looking for a way to get rich quick, which makes for easy targets for cybercrime. I wouldn’t be surprised to see DeFi currency scams target ‘celebrity’ VR avatars for account takeover to manipulate the BTC market prices as we’ve seen recently with Twitter profiles.

Potential scams aside, the real focus this year will be on that tipping point for widespread metaverse usage, as that will put security and privacy at the forefront, if or when there is true global adoption of these technologies. Whilst the metaverse presents a huge new frontier for companies and consumers to engage, this will absolutely provide another opportunity for cybercrime to thrive. Despite having the protections in place, particularly with cryptocurrency and blockchain, regulation in the metaverse is still non-existent and as we’ve seen with ransomware and extortion tactics, the legal recourse for attacks is also low, which will make it an extremely attractive – and potentially lucrative – space for cyber criminals.

History has told us that with many emerging technologies, security is often the afterthought but if there are any learnings we can take from the last 12 months, it’s that cyber protection needs to start taking priority, and the metaverse is no different. Whether it’s Nike, Facebook or any other business creating a digital playground, they must ensure they are investing in cybersecurity as much as they are in the creation of these technologies. Whilst this world might not yet be a mainstream reality, those businesses that integrate their cybersecurity operations from the ground up to prepare for the metaverse now will be in a much better position to combat an evolving threat landscape that is fast becoming more complicated.