The metaverse is the buzzword today — and for a good reason. Simply put, it is the fusion of the real and the virtual in the digital world. Advancements in immersive technologies such as virtual and augmented reality (VR and AR), leveraged with other internet-based technologies, can fundamentally change how we connect with one another. However, just like any other new technology, this new opportunity in the form of advanced immersive technology also brings its own set of challenges and cyber risks.
“We already have security challenges that we haven’t been able to adequately address,” said Kayne McGladrey, senior member at the Institute of Electrical and Electronics Engineers (IEEE), the world’s largest technical professional body. “The metaverse is likely to inherit these challenges. For example, phishing and theft of credentials have carried over to the metaverse. We’ve seen NFT and cryptocurrency scams, too, in the metaverse.”
However, all is not doom and gloom, as the metaverse is in its nascent stages, providing an opportunity to develop the technology with security at the forefront of the design process. In the metaverse, one’s digital avatar is essentially one’s identity – for better or worse. “Identity management is probably where we’re going to be the most challenged when leveraging technologies associated with the metaverse,” said McGladrey. He is optimistic that metaverse-based technologies will have Artificial Intelligence (AI) at the backend to address these challenges or, at least, these technologies will be bolstered with inclusion of security operations and automated responses for authentication purposes.
For example, AI-based solutions can be used to identify reliable patterns that correlate to users’ identities, and also automate detection of deviations that prompt a second factor of authentication to help prevent identity theft. According to him, end-users will benefit from approaches to security that focus on identity management and user behaviour analysis, as identity and behaviour are two core components of what will define the metaverse.
One of the key ways to ensure that the metaverse is secure is to build security into devices and platforms from the start, as opposed to bolting on solutions after users are already engaging with the technology. “I think that blockchain is
going to ultimately be the underpinning of all transactions and all ownership of items in the metaverse,” said McGladrey.
“The security of the metaverse depends on its underlying structures,” said another IEEE member, Qiqi Wang. “A blockchain-based metaverse naturally has better user privacy protection and security.” Additionally, existing and proven security tools should be incorporated into the metaverse early on to better understand how they may impact this new digital ecosystem. “Since the metaverse is relatively new, it is difficult to predict what form it will eventually take. However, all the firms engaged must make further efforts to protect the users’ interests,” said Amol Gulhane, senior IEEE member. “Many are exposed to privacy, safety, and financial issues as the nation transitions into a digital economy. Hence, we need to be extra-vigilant to spot the weak links and mitigate the risks.”