Metaverse and cybersecurity, what challenges for the future?
The growth of the metaverse emphasizes the need to address the cybersecurity challenges posed by this new multimedia environment.
It’s estimated that the metaverse will account for 1% of the global economy, which could reach USD8 trillion to USD13 trillion by 2030, according to investment bank Citi. Because of this growth, it’s increasingly likely that the metaverse will be subject to cyberattacks that pose a real risk to both the companies that are active in the metaverse and the users who access it.
What is the metaverse?
The metaverse refers to a digital universe that’s the result of multiple technological elements that include virtual reality and augmented reality. The idea is that within the metaverse users can access it through 3D viewers, and have virtual experiences. It would be possible to create realistic avatars, for example through NFTs, meet other users, or perform all those actions that we perform in a "disjointed" way on the internet in a single platform. It’s even possible to create a real estate market.
The famous Bored Ape Yacht Club brand, already known for the bored monkey collection of NFTs, has announced the launch of an original metaverse. Called Otherside, it’s geared toward gamification with a decentralized structure, effectively forming a link between the metaverse and the real estate market. It has led to the sale of about 55,000 NFTs, each sold for 305 Ape Coins, making each lot worth an average of USD6,000. This virtual land sale triggered one of the highest spikes in transaction fees to date on cryptocurrency platform Ethereum.
The metaverse requires the simultaneous use of many technologies where augmented reality, cloud technologies, IoT, and AI combine to be functional, and where there’s also the possibility of creating a unique economy through cryptocurrencies and NFTs.
Cybersecurity challenges and metaverse
Given the technologies involved, there is a high risk of being a victim of cyber-attacks in the metaverse. The simultaneous use of different technologies, the collection of vast quantities of personal and non-personal data, and the use of blockchain, make the use of systems to monitor and prevent cyberattacks highly complex. For example, there are dozens of cases of sale of counterfeit works or products in the decentralized world: a counterfeit product remains on the blockchain for eternity and there’s no way to delete it from the blockchain.
While we assume that phishing activities may experience a sharp increase with the metaverse, it’s also possible there could be an increase in:
- Identity theft: threat actors, through the information found online and in the metaverse, could resort to user identity theft, for example through avatar theft.
- Cryptocurrency theft: threat actors could take possession of the wallets and access keys of users in the metaverse, performing irreversible actions.
The main cybersecurity concern in the metaverse concerns personal data, which will be the main target of attack consider the biometric data released by users to take advantage of devices that allow users to switch from virtual reality (VR) to augmented reality (AR) that use this biometric data to allow access within the metaverse.
Companies will need to prepare in advance to prevent these types of attacks. They need to ensure their security systems are safe and secure and free of vulnerabilities that could cause serious damage not only to the companies' own economy and reputation but also to users. But there’s still a lack of regulatory regimes that should be put in place to ensure the protection of the metaverse and its users.
