The growth of the metaverse emphasizes the need to address the cybersecurity challenges posed by this new multimedia environment.
It is likely that the metaverse will be subject to cyber-attacks that pose a real risk to both the companies that choose to be active in the metaverse and the users who access it.
It is estimated that the metaverse will account for 1 percent of the global economy, which could reach $8 to $13 trillion by 2030, according to investment bank Citi. Because of this growth, it is increasingly likely that the metaverse will be subject to cyber attacks that pose a real risk to companies that decide to be active in the metaverse as well as users who access it.
What is the metaverse?
The metaverse refers to a digital universe that is the result of multiple technological elements including virtual reality and augmented reality. The idea is that within the metaverse users can access it through 3D viewers, and have “virtual” experiences. In fact, it is possible to create realistic avatars, for example through NFT, meet other users, or perform all those actions that we perform in a “disjointed” way on the Internet in a single platform, being able even to create a real estate market.
The famous Bored Ape Yacht Club brand, already known for the well-known bored monkey collection of NFTs, announced the launch of a metaverse, Otherside, geared toward gamifiction with a decentralized structure, effectively forming a link between the metaverse and the real estate market that led to the sale of about 55 thousand NFTs, each sold for 305 Ape Coins, making each lot worth an average of six thousand dollars. This virtual land sale triggered one of the highest spikes in transaction fees on Ehereum.
The metaverse, then, requires the simultaneous use of many technologies where augmented reality, cloud technologies, IoT, and artificial intelligence combine to be functional, and where there is also the possibility of creating a unique economy through cryptocurrencies and NFTs.
Cybersecurity challenges and metaverse
Because of the technologies involved, the risk of being a victim of cyber attacks in the metaverse is very high. Moreover, the simultaneous use of such different technologies, as well as the collection of countless amounts of data, both personal and non-personal, and the use of blockchain, make the use of systems to monitor and prevent cyberattacks complex, compared to what happens in the virtual or real world. For example, there are dozens of cases of the sale of counterfeit works or products in the decentralized world: a counterfeit product remains on the blockchain for eternity and there are no ways to delete it from the blockchain.
Although, in fact, the metaverse does not yet exist (but the infrastructure on which that technology is based does), it is already possible to predict in which direction threat actors will focus within that platform. Indeed, it is assumed that phishing activities may experience a sharp increase with the metaverse, but not only that, it is also possible that:
- Identity theft in the metaverse: threat actors, through the information found online and in the metaverse, could resort to, for example through avatar theft, user identity theft;
- Cryptocurrency theft: threat actors could take over the wallets and access keys of users in the metaverse, performing irreversible actions.
However, the main cybersecurity concern in the metaverse must be directed toward personal data (moreover, as in the real world), which will be the main target of attack by threat actors. Just think of the biometric data released by users to take advantage of devices such as AR/VR, devices that allow them to switch from virtual reality (VR) to augmented reality (AR) that use the user’s biometric data to allow them access within the metaverse.
Companies will need to prepare in advance to prevent these types of attacks and ensure that their security systems are safe and secure and free of vulnerable situations that could cause serious damage not only to the companies’ own economy and reputation but also to users . In this context, however, there remains, to date, a lack of regulatory provisions that, as soon as possible, should be drafted in order to ensure the protection of the metaverse and its users.
On a similar topic, you can find interesting the article “Intellectual property right transfer and license agreements in the metaverse“.