The metaverse is here, and it’s about to change the way we work and play forever. You can own your own piece of virtual real estate, do some online shopping, attend virtual events and experience an entirely new world. Want to live next door to a celebrity? For the right price tag, you can. Take the person who paid $450 000 to be rapper Snoop Dogg’s virtual neighbour in his “Snoopverse”.
By 2026, US technological research and consulting firm Gartner predicts that more than a quarter of people will spend at least an hour every day shopping or interacting within the metaverse. And it won’t be only consumers spending their free time in virtual playgrounds – businesses are also forecast to move some of their interactions to this new digital realm.
All signs point to the metaverse becoming a huge economic opportunity. Analysts predict the global market for virtual social worlds will be worth $800-billion by 2024, with metaverse-related exchange traded funds to reach $80-billion by the same year.
Brands are flocking to get their piece of the metaverse. They range from tech giants such as Microsoft, Google, Nvidia and of course Meta (previously Facebook), to consumer brands, such as adidas and Samsung, and financial services giants HSBC and JP Morgan.
Many businesses see the metaverse as an opportunity to enhance digital experiences and virtual interactions and close the gap with employees and customers. Microsoft, for example, has announced Mesh, a mixed reality enhancement for its Teams collaboration tool which will allow for a more immersive experience.
Three cyber risks for the metaverse
But the metaverse is definitely not without its hazards. Many of the cyber threats that are putting businesses and consumers at risk today will still be prevalent in the metaverse. If anything, the additional complexity of a fully virtual environment could make those threats more difficult to defend against and manage.
What are some of the cyber risks we’re likely to encounter in this new world?
Risk #1: More scams and fraud
At the moment the metaverse is still in its early days and users enjoy the interconnectivity and freedom of their new virtual world(s). But this could come at the expense of online safety measures that could protect users from threats.Consider how hard it is to govern or safeguard web domains that fall outside national borders. Without the proper measures to protect users, the metaverse could become an unregulated playground for cyber criminals, who could use it to impersonate other users, commit fraud and steal personal information.
Risk #2: Younger users at peril
The online gaming community is notorious for a toxic culture where even the youngest players are victimised or abused by trolls. The metaverse could exacerbate this. A BBC News investigation found that the virtual design of the metaverse allows children to be easily exposed to racial abuse and sexual harassment.
Risk #3: It’s (always) about the money
One of the big business opportunities of the metaverse is the potential for it to have its own currency or cryptocurrency. This would be in line with the broader shift to decentralised finance that was initiated by the launch of bitcoin. But it’s also an unprecedented opportunity for cyber criminals to use its virtual economy for money-laundering purposes.
In addition, as different metaverses spring up and users start transferring stored value from one to the other, opportunities emerge for cyber criminals. A lack of secure exchanges between buyers and sellers could expose users and their new financial system to threat actors.
What should companies that are keen to explore the business potential of the metaverse do to protect themselves against cyber threats?
First, organisations need to review their cyber-resilience strategies to include employees and customers operating in the metaverse. A strategy that prioritises defence-in-depth can allow businesses to add multiple layers of security controls throughout their organisational systems. Such a strategy would allow businesses to examine all the various elements of data transfer and communication (email, web, apps, messaging) along with the physical network, building environments and highly vulnerable human factors.
Regular and ongoing cyber awareness training would also empower employees with much-needed knowledge to better identify and avoid potentially risky online behaviour. Considering nine out of 10 data breaches involve some form of human error, no business can afford to underinvest in their “human firewall” as they embrace these emerging technologies. Security awareness training products should also be on top of new technologies and ensure content is current and relevant to changing virtual environments.
Ultimately, the metaverse has the potential to unlock a new era of technological innovation, human connectivity and digital experiences but companies and users will need to tread carefully and ensure the highest standards in cyber security, or risk watching their new dream world turn into a nightmare at the hands of the global cyber crime industry.