Brave New World? Cyber Security Considerations in the Metaverse

The metaverse is the latest shiny thing that tech giants are trying to push us towards. But what actually is the metaverse? And what are the cyber security considerations for anyone considering dipping their virtual toes into it?

In technology’s inexorable march forward, it can take some seemingly strange turns. One such turn that’s receiving a lot of coverage right now is the metaverse – a term that is so vague that Wired have published an article attempting to define its true meaning. Cynicism aside, though, there’s a lot of big money being pushed at the metaverse. This means that if the likes of Meta and Microsoft get their way – and let’s face it, they often do – we’ll be seeing a whole lot more of it whether we want to or not.

So it’s best that we try to get ahead of the game by learning what the metaverse is – and how we may wish to consider the cyber security implications of engaging with it.

What Actually Is the Metaverse?

In the Wired article I linked to above, the author states that “the term doesn’t really refer to any one specific type of technology, but rather a broad (and often speculative) shift in how we interact with technology”. I think that’s fair.

I see the metaverse as the internet reenvisaged in virtual reality. It’s like a virtual reality world – sometimes augmented by augmented reality – that almost becomes a second life for its users. To me it feels like Second Life but with a virtual reality headset on. For many people, MMORPGs – massively multiplayer online role-playing games – like World of Warcraft are an obvious point of comparison: games offering huge worlds that large numbers of people can connect into and interact with at the same time.

Something that’s important to stress is that the metaverse isn’t necessarily new technology – it’s more of an integrated virtual reality product built on existing technology. And like the internet as we know it and love it today, it will become a cyber security nightmare if left unchecked. Let’s explore why.

Cyber Security Considerations in the Metaverse

It’s an unfortunate reality that when new products are made, cyber security is often seen as a bolt-on or – even worse – an afterthought. If cyber security isn’t baked into the metaverse from the start, hackers may prosper. Here are some cyber security considerations for individuals and organisations looking to explore the metaverse:

• Scamming in the metaverse. From physical mail, to phones, to emails, and now the metaverse – if it’s a means of reaching out to people with dodgy offers, scammers will embrace it. Metaverse users should be hyper aware of scammers, especially as it is in its infancy.
• Lack of regulations. As of right now, the metaverse lacks universally agreed upon and adhered to regulations. Given its global nature, establishing jurisdictions and management will be tough. Users who fall foul of crime in the metaverse risk falling through the cracks as long as properly enforceable regulations remain absent.
• Extortion and impersonation. We have no idea how criminals will seek to exploit the virtual and augmented reality functionality of the metaverse, but you can bet they will. Maintaining control of your online identity may be challenging in the brave new world of the metaverse.
• NFT fraud. Of all the products available in the crypto space, NFTs have possibly garnered the most coverage – and incredulity. The fact is though that people will want to buy NFT artwork and hang it on their virtual walls in the metaverse. But what if the NFT provider is fraudulent and sells you a fake? It’s unclear in the metaverse or otherwise how you can reclaim your money.
• New technology security hiccups. As I mentioned earlier, the metaverse is less about new technology and more about the combination of existing technology. This could present unforeseeable cyber security gaps; just look at the patchy security history of some of our biggest social platforms, especially during their formative years.
• Risks to minors. Like with many other types of online technology, the metaverse presents risks when it comes to controlling childrens’ access to content. And when people are given the ability to present online personas that are completely different from their real life selves, bad things can and potentially will happen.

Brave New World?

The metaverse is being pushed hard by some of the largest technology companies in the world. And outside of the tech giants, the metaverse has welcomed some high-profile advocates – I’m looking at you and your metaverse showroom, Sotheby’s. However, it’s fair to say that overall take up thus far has not been high, and my candid take is that the metaverse has the potential to introduce more problems than it solves.

I don’t pretend to have all the answers. I do believe though that if you’re going to step into the metaverse, tread carefully. At Six Degrees we offer governance, risk and compliance advisory services that will enable your organisation to engage with the metaverse in a way that minimises risk. Contact us and speak to one of our experts today.

About the Author

Andy Swift is Technical Director for Offensive Security at Six Degrees. At Six Degrees, we’ve been helping organisations confront cyber security challenges for over 15 years. While cyber threats are always developing, our experience and industry presence is testament to our ability to stay ahead of emerging threats.