A Reality Check on Metaverse

From virtual meetings to immersive 3D customer experiences or even property tours, the Metaverse will transform the way that companies operate. Gartner predicts that by 2026, a quarter of us will spend at least one hour a day in the Metaverse for work, shopping, education, social media and/or entertainment. Some brands are already there today, such as Nike and Coca-Cola, who are using it to drive brand awareness and the purchase of physical products.

With so much buzz around the Metaverse, it’s easy to see why more and more companies will start to do business there. But are they thinking about the risks? We will certainly need a different approach to security in a virtual world compared to the physical, but what will that entail?

Let’s take a look at what the risks are and how to start getting prepared (because you do need to start now).

The biggest hurdle to the Metaverse being a secure environment is in its foundations. The Metaverse is built on blockchain technology and we have already seen serious security gaps in NFT marketplaces and blockchain platforms such as OpenSea, Rarible and Everscale.

Due to the sheer amount of malicious activity that we already see exploiting services based on the blockchain, we believe it won’t be long before we start to see initial attacks in the Metaverse too, as reported in the recent Check Point Mid-Year Security Report. It will likely be based on authorization, and user accounts will get hijacked, so it is expected that identity and authentication will sit at the heart of everything we want to do.

According to a report by DappRadar, a company that tracks user behaviour across blockchain projects, in late 2021, it was reported that over half-a-million Indian users have shown their interest in non-fungible tokens and metaverse projects with India ranked fifth, only behind the US, Indonesia, Japan and Philippines, in terms of interest in metaverse projects.

It is tricky though, as people might want to have multiple identities within the Metaverse, perhaps one for transacting work conversations and another for personal shopping and entertainment.

This adds another layer of complexity because there’s then no single identity that says it’s definitely you. The answer could be in chained identity so, will blockchain then help us understand where we’re transacting and who with?

This is a major challenge. And since blockchain technologies are decentralized and unregulated, this makes things like policing the theft of virtual assets or preventing money laundering, very difficult indeed.

Other cybersecurity risks within the Metaverse abound such as cyberattacks via the use of vulnerable AR/VR devices, as an entryway for evolving malwares and data breaches. These devices inherently collect large amounts of user data and information such as biometrics, making it attractive to hackers.

Concerns around data privacy are also a growing voice amongst Metaverse sceptics, with additional data being collected through avenues like Second Life, potentially violating user privacy.

Dr. Deepak Kumar Sahu, President & CEO, VARINDIA