The Metaverse hypes seems to be everywhere in 2022 with small start-ups to tech giants all jumping onboard the Metaverse train. While some may scoff and dismiss it all as hype; the next evolution of the internet carries a promise and potential that no forward-looking company can ignore. Millions of dollars are being poured into the Metaverse globally by countries like the UAE and the UK with the entire economy expected to be worth $13 trillion by 2030.
Filtering away all the “hype-y” statements, the metaverse can be defined as
a simulated digital environment that uses augmented reality (AR), virtual reality (VR), and blockchain, along with concepts from social media, to create spaces for rich user interaction mimicking the real world.
While the Metaverse is still very much in its inception phase and evolving as a concept, there is no doubt that one area that it will significantly impact is that of cyber-security. In this article, I will go over some of the key areas to focus on for cyber-security professionals
#1 — A new era of Social Engineering attacks
The rise of Deepfakes and remote interviews has already seen Social Engineering attacks going to the next level with companies being tricked into giving sensitive positions to cyber-criminals masquerading as genuine job applicants. This was serious enough for the FBI to issue a warning on the same guiding people on how to stop such advanced versions of Business Identity Compromise.
This problem is only going to get worse in the metaverse where digital avatars will be representing people and confirming the identity of the person who are interacting with will be critical. Zoom calls will get replaced by virtual rooms in the Metaverse and a cyber-attacker can potentially impersonate a senior person in a meeting and get access to sensitive information unless strong authentication measures are put in.
As a cyber security professional, are you ready for board level meetings to happen in a virtual environment ?
#2 — Hardware security will gain prominence
The gateway into the immersive world of the Metaverse will be VR headsets which will enable users to “plug” into the Metaverse and start their journeys. These entry points will also be where attackers will attempt to “piggy back” onto the sessions and essentially eaves drop into what the user is doing. This could result in privacy attacks and more sinister corporate espionage scenarios where attackers would silently observe C-level meetings happening in the metaverse and exfiltrate sensitive information to competitors. Several VR headsets have already been identified as being vulnerable to such attacks hence cyber security professionals need to make sure that appropriate attestations and certifications of such hardware is present.
As a cyber security professional, are your security assurance processes capable of assessing the security of such hardware ?
#3 — Metaverse-as-a-Service
Most companies will rush to adopt a Metaverse presence in the future however similar to private and public clouds, there will be public and private metaverses. Companies will maintain a private metaverse for their sensitive assets and use the public one to interact with their customers however the cost of maintaining a private Metaverse will be out of the reach of most companies.
This will result in a rise of “Metaverse as a Service” providers which will provide companies read made versions of a private metaverse. Unless proper due diligence of such providers are carried out and appropriate controls checked, companies could find themselves exposing their private sessions and meeting with unauthorized parties.
As a cyber security professional, are your ready to assess Metaverse models and service providers for their security controls ?
Metaverse is coming .. like it or not !
These are just a few of my predictions for how Metaverse will change cyber security threats in the future. However it is not all gloomy as far as technology risks go. The Metaverse will also give access to amazing ways of training and collaboration for cyber security professionals. Imagine if Incident response tests do not have to be dull, paper driven exercises but can actually be simulated in virtual environments ! or if Information Security trainings can be given in a virtual world with real life examples being shown ?
The potential of the Metaverse is endless and cyber security professionals need to start prepping today for this upcoming revolution.