New cyber risks may arise in the metaverse, and here are some steps companies can take to mitigate them.

• In recent months, the metaverse has garnered attention, prompting companies such as Meta and Ralph Lauren to quickly establish a presence within its virtual realm.
• Last year, Check Point reported a 50% increase in overall attacks per week on corporate networks compared to 2020, indicating that cybercrime is becoming more prevalent in the real world.
• Not all businesses may fully comprehend the dangers of the metaverse as they rush to establish their presence in this new world, according to Prabhu Ram, head of the industry intelligence group at CyberMedia Research.

Discussing a confidential multimillion-dollar deal with your boss, the conversation concludes, and both of you depart.

You later meet your boss and discuss the earlier conversation, but they have no memory of the agreement.

What just happened?

Prabhu Ram, head of the industry intelligence group at CyberMedia Research, stated that in the metaverse, being the victim of a hacked avatar or deepfake is a possibility. Deepfakes are manipulated digital figures that resemble someone else.

The success of companies like Meta and Ralph Lauren in the metaverse may be hindered unless cybersecurity risks are addressed.

Cybercrime in the real world is already becoming more rampant.

In 2021, Check Point cybersecurity firm reported a 50% increase in attacks on corporate networks compared to the previous year, as businesses rush to enter the metaverse without fully understanding the risks involved, said Ram.

Ram stated that, as the full potential of the metaverse has not yet been realized, concerns about privacy and security in the metaverse are limited to a select group of tech-savvy companies.

To secure the metaverse as new attack vectors emerge, a fundamental realignment of today's security paradigms is necessary for identification, verification, and protection.

Identity security

In February, JPMorgan published a white paper emphasizing the significance of user identification and privacy safeguards for engaging and conducting transactions in the metaverse.

The white paper suggests that verifiable credentials should be structured in a way that makes it easier to identify fellow community or team members or to grant configurable access to different virtual world locations and experiences.

Gary Gardiner, the head of security engineering for Asia-Pacific and Japan at Check Point Software Technologies, concurred.

He emphasized the need for user-interactive security protocols in the metaverse, stating that the same mindset for internet security should be applied.

Blockchain technology is being used to verify user identities through tokens assigned by organizations or biometric data collected through headsets.

Gardiner proposed adding "little exclamation marks" above avatars' heads to indicate untrustworthiness.

Data breaches

In the virtual reality world, the invasion of user privacy by tech companies may also arise from the trails of data left by users in the metaverse.

In the metaverse, there may be even more data available for companies to harvest and use without consent if strict regulations are not put in place to protect users.

Philip Rosedale, founder of Second Life, stated that when users wear virtual reality headsets, organizations can gather data such as head and eye movement or voice.

"Within a few seconds, we can accurately identify you as the person wearing the device, which poses a serious privacy issue in the virtual world," he stated.

What can be done

In a December blog post, Bill Gates, co-founder, forecasted that virtual meetings will predominantly shift to the metaverse within the next two to three years.

It's crucial for businesses to train their staff properly to safely operate in the metaverse, according to Gardiner.

"From a cybersecurity perspective, the user is the weakest point in any organization," he stated.

If an attack occurs in the metaverse, users will be better equipped to defend themselves if they possess the necessary training and knowledge of what is suspicious, according to him.

The metaverse's security platforms and safety models are crucial for maintaining privacy, according to Rosedale and Gardiner, who emphasized the need for companies to implement risk mitigation strategies.

To establish trust more easily, users on LinkedIn will need to utilize a "web of trust," according to Rosedale.

Sharing information about the people you trust with other trusted individuals can help you determine if you share mutual friends with someone new, he stated.

To ensure effective deployment of security protocols, companies involved in designing the metaverse must collaborate to establish a common standard.

Gardiner stated that the foundation of the metaverse must be strong and done well, otherwise people will lose confidence in the platform and stop using it.