The metaverse could bring new cyber dangers. Here’s what companies can do – Reuters

An employee wearing HTC’s Vive virtual reality headset plays a video game in the T.UM showroom at SK Telecom Co.’s headquarters in Seoul, South Korea, June 11, 2021.

Facebook Facebook logo Sign up for Facebook to connect with Seong Joon Cho Bloomberg | Getty Photos

Consider discussing a confidential multi-million dollar deal with your boss. The conversation is over and you two walk away.

Soon, the two of you will meet again and remember your previous conversation-but your boss never remembers the deal.

What happened?

In the metaverse, it could mean you are a victim of an avatar hack or deepfake, said Prabhu Ram, head of industrial intelligence group at CyberMedia Research, a research and consulting firm. Deepfakes refers to manipulated digital numbers that look or are similar to others.

Metaverse has gained attention in recent months, with companies like Meta, formerly known as Facebook, and Ralph Lauren rushing to get their foot in the door. But unless the cybersecurity risks in the metaverse are addressed, these companies may not experience the success they hoped for.

Cybercrime in the real world is on the rise.

Cybersecurity firm Check Point reported a 50% increase in the total number of attacks per week on corporate networks in 2021 compared to a year ago. While companies are rushing to plant their flag in the metaverse, not everyone may be aware of all the dangers of this new world, Ram said.

“Because the contours and potential of the Metaverse have not yet been fully realized, apparent concerns about Metaverse’s privacy and security issues remain limited to some‘ tech-aware ’companies,” Ram said. .

“As new attack vectors emerge, they need a fundamental overhaul of current security paradigms to identify, validate, and secure the metaverse,” he added.

Identity Security

JPMorgan released a white paper in February identifying user recognition and privacy protections as key elements for interaction and transaction in the metaverse.

“Verifiable identifiers [should be] quick configuration to allow quick identification of other community or team members, or to allow configurable access to different locations and experiences in the virtual world, ”according to the whitepaper.

Gary Gardiner, security engineering manager for Asia Pacific and Japan at Check Point Software Technologies, agreed.

The same mindset for Internet security should apply to the metaverse, he said, adding that security protocols should be as interactive as possible to the user.

People look at the blockchain to identify users, or “using tokens that can be assigned to an organization, or biometrics on the headset you’re wearing, so there’s a level of trust that you know if who are you talking to. ” , did he declare. .

Gardiner also suggested having “small exclamation points” above the avatar’s heads to signal that someone is unreliable.

Data Violations

If users wear devices like virtual reality headsets, organizations can collect data like their head and eye movements or their voice, said Philip Rosedale, founder of Second Life, an online world that allows people to go out, eat and shop virtually.

“This means that within seconds we will know that you are wearing the exact device. This is a serious potential privacy issue for the virtual world,” he said.

What can be

Microsoft co-founder Bill Gates predicted in a blog post in December that in two to three years most virtual meetings will move to the metaverse.

For businesses to operate safely in the metaverse, Gardiner said, it’s important to properly train staff.

“The weakest point of any organization from a cybersecurity perspective is the user,” he explained.

The foundation [of the metaverse] It has to be good because if the foundation is weak and not good, people will lose faith in the platform and we will stop using it.

Gary Gardiner

Check Point Software Technologies

If an attack hits the metaverse, users will be in a stronger position if they have that level of training and understanding of what is at stake, he said.

While companies need to implement risk reduction strategies, Rosedale and Gardiner said that maintaining privacy ultimately depends on the type of security platforms and security models put in place in the metaverse area for organizations. .

Citing LinkedIn, a professional networking site, as an example, Rosedale said users should be able to use a “network of trust” to exchange information with others to more easily build trust.

Identifying people you trust and sharing that information with other trusted people will allow you to evaluate whether you have friends who are similar to a new one, he added.

Meanwhile, Gardiner said companies involved in Metaverse design need to work together to establish a common standard that will allow security protocols to be deployed effectively.

“The foundation [of the metaverse] it has to be done right because if the foundation is weak and it’s not done right, people will lose confidence in the platform and we will stop using it, ”Gardiner said.

Leave a Comment