How to keep cybercriminals at bay in the metaverse?

Metaverse - a virtual reality world where users can interact and experience things as they would in the real world – is the latest buzz in the tech circle. Beneath the buzz, the metaverse is arriving in many unexpected ways. And even though companies (especially the big techs) are all geared up to make the metaverse happen, one aspect that cannot be ignored is the privacy and security challenges that are already becoming huge in the cyberspace. Chances are it's going to become a lot worse with technologies such as the metaverse around.

Experts believe, some of the cybersecurity challenges with metaverse will be similar to what we are already familiar with on the internet. But the metaverse is likely to bring some entirely new sets of cybersecurity challenges, in addition to the conventional phishing, malware, and hacking, due to its architecture. Cryptocurrency and non-fungible tokens (NFTS) are commonly utilised in the metaverse, and hackers may find them interesting.

As  cyber security expert Shantanu Kumar, believes the intricate nature of the metaverse and the data it creates will provide ample opportunities for cybercriminals. A key issue with the metaverse is its reliance on hardware in order to experience the platform. The metaverse is centred on external digital devices such as VR headsets that can easily fall prey to hackers if left unprotected. For example, data captured through these headsets, or any of the other wearable devices can be very sensitive in nature. And this where bad actors will strike.

While there is no one answer on how to make the metaverse a safer place, organisations should come up with new and innovative security strategies to keep cybercriminals at bay.

Charlie Bell - Executive Vice President, Security, Compliance, Identity, and Management, Microsoft, said in a recent blog, “In the metaverse, fraud and phishing attacks targeting your identity could come from a familiar face – literally – like an avatar who impersonates your co-worker, instead of a misleading domain name or email address.” 

Also read: New tech is redefining CMO title to include Metavers

He explained with an example how phishing could look like in the metaverse. “It won’t be just a fake email from your bank. It could be an avatar of a teller in a virtual bank lobby asking for your information. It could be an impersonation of your CEO inviting you to a meeting in a malicious virtual conference room.” 

Constructive steps include making things like multi-factor authentication (MFA) and passwordless authentication integral to platforms. Because there will be no single metaverse platform or experience, interoperability is another important aspect tech or metaverse leavers should look into. 

The culture of information-sharing and collaboration among ISPs, cloud providers, device manufacturers and every industry stakeholder are the key in this virtual space.

“Data security, identity management, platform compliance, cybersecurity laws will all need to be reconsidered and amended to include these potential new risks,” said Pankaj Sachdeva, Vice President, Data Science and Analytics & Managing Director, India Innovation at Pitney Bowes.

“Metaverse stakeholders should anticipate security questions and be prepared to jump on any updates. There must be clear and standard communication around terms of service, security features like where and how encryption is used, vulnerability reporting and updates,” wrote Bell. 

As we explore the unchartered territories of the metaverse, data security will become increasingly important. The first goal is to discover a solution to safeguard our online identity and business activities. When it concerns regulating or securing the metaverse, preserving data and information is the most critical.