What is metaverse security?

For companies, creating secure networks and commercial environments has always been imperative for the long-term security of their business and customers. In recent months, a number of firms have embraced the metaverse, for better or worse, but do these spaces present new levels of risk?

Organisations must continuously identify and neutralise the prospective threats on their system. How these attacks look and feel might be different in immersive environments or mixed reality spaces, which will likely form the fabric of the metaverse as it develops. The use of avatars, for example, could mask identities; the capacity for hackers to infiltrate virtual spaces companies have created is a danger that hasn’t yet been addressed. Businesses will also have to go further on making the metaverse a safer space for users, given issues of discrimination and bias already pose a challenge to those with established communication channels.

When assessing metaverse safety, the World Economic Forum concluded it would be necessary to use and integrate emerging technologies. The organisation also called for a global open-box security validation process to ensure there are standards that look out for threats such as breach of confidentiality, integrity or other security concerns.

Handling metaverse security, or metasecurity, will involve addressing emerging threats in this new digital realm, while taking a multifaceted approach to consider how the real and virtual worlds connect. Security policies will have to change, as will digital regulation to ensure privacy and data security can be upheld as businesses and their customers move in and out of the real and virtual worlds that are created.

What might metaverse threats look like?

Will the metaverse be as transformative as Meta would have us believe? Many, indeed, believe the metaverse is a waste of resources. The manifesto from Open Meta DAO, however, concludes the metaverse, a hallmark of Web3, is far too important to get wrong. “Not everyone understands this or agrees on what getting it right looks like,” the manifesto says. “Web2 succeeded financially but is not healthy on our minds or our planet. People are waking up to the significance of the metaverse on our future. Who owns that future? What kind of world do you want to live in? What kind of world do you want to leave to others?”

As the metaverse evolves, there’s increasing focus, in particular, on how virtual spaces will connect with and influence the physical world. Accenture, for example, describes the ‘virt-real’ as a range of experiences, from purely virtual to a blend of virtual and physical. This is an accurate description of how the metaverse exists today and how it’ll develop, especially where laws are concerned. The lines are, indeed, blurring. For instance, the UAE minister of artificial intelligence (AI), Omar Sultan Al Olama, recently said he believes people who commit serious crimes in the metaverse – like murder – should be punished in the physical world. He also alluded to the prospect of cyber criminals terrorising users.

As these realms continue to blend into each other, accountability is key, says Gartner’s senior principal analyst Tuong Nguyen. “For a user to be held accountable for abusing someone in the metaverse; for a user to be caught laundering terrorist funds; for a user to be caught evading tax on financial transactions in the metaverse, that user's real-world identity will need to be known,” he says. “It will be interesting to see how the requirements for proving your identity evolve in the metaverse.”

As the metaverse takes shape, businesses will create their own interpretation of these spaces driven by the demands of their customers or commercial partners. Gartner projects that by 2025, a quarter of the global population will spend at least one hour a day working, shopping or socialising in the metaverse. To support this shift, these virtual spaces must boast robust levels of security and safeguarding to reflect existing digital channels.

Malicious actors in virtual spaces are a clear and present danger that businesses will have to protect themselves, their customers and commercial partners against. Already, we’ve seen successful phishing attacks that used bots with AI deepfake voices to convince victims to transfer large sums of money. Certainly, security and compliance will need to be front and centre as these environments expand their influence.

How can businesses fight immersive threats?

“Enterprises will find themselves on the front lines of establishing trust and safety and defining the human experience in these new places,” says Accenture. “Enterprises that wish to lead in this space will shoulder the mantle of building a ‘responsible metaverse,’ and the actions and choices they make today will set the standards for all that follow.”

The haptic metaverse is often the image many users have in their minds. Today, however, businesses are embracing these spaces by taking a more conventional mixed reality approach, depending on their particular needs. We would expect this to evolve over time, as we would expect the threats to.

As the metaverse becomes yet another emerging attack vector, businesses must protect themselves against foreseen and unforeseen threats by devising security policies that consider the particular aspects of these virtual spaces. As a result, metaverse security will, over time, become a fundamental component of a company's overall digital security stance rather than an afterthought.

Michael Gurau, a partner at Altman Solon, sees a layered approach to security becoming the norm. "Metaverse users, particularly enterprise ones, will likely work to create private sector protections and standards for doing business in the metaverse,” he says. “In the end, the metaverse will be policed by a patchwork of entities, which could be a real challenge to its growth and consumer and commercial confidence.”

Ian McShane, VP of strategy at Arctic Wolf, on the other hand, takes a more prophetic approach. “History has told us that with many emerging technologies, security is often the afterthought, but if there are any learnings we can take from the last 12 months, it's that cyber protection needs to start taking priority, and the metaverse is no different,” he tells IT Pro. “Whether it's Nike, Facebook or any other business creating a digital playground, they must ensure they are investing in cyber security as much as they are in the creation of these technologies.”

Many businesses won’t change their existing security protocols and policies as they move first into mixed reality environments and, then, perhaps finally into fully immersive spaces. The unique nature of the metaverse, however, means bias and identity will form the core of metasecurity. The security implications of the metaverse have yet to come into focus, but laying the foundations for metasecurity policies is imperative for businesses of all sizes, as all enterprises race to stake their claim to their piece of the metaverse.

David Howell

David Howell is a freelance writer, journalist, broadcaster and content creator helping enterprises communicate.

Focussing on business and technology, he has a particular interest in how enterprises are using technology to connect with their customers using AI, VR and mobile innovation.

His work over the past 30 years has appeared in the national press and a diverse range of business and technology publications.