IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
In-depth

What is metaverse security?

As the metaverse evolves, businesses need to think differently about virtual security to protect their IT infrastructure, staff, and customers

For companies, creating secure networks and commercial environments has always been imperative for the long-term security of their business and customers. In recent months, a number of firms have embraced the metaverse, for better or worse, but do these spaces present new levels of risk?

Organisations must continuously identify and neutralise the prospective threats on their system. How these attacks look and feel might be different in immersive environments or mixed reality spaces, which will likely form the fabric of the metaverse as it develops. The use of avatars, for example, could mask identities; the capacity for hackers to infiltrate virtual spaces companies have created is a danger that hasn’t yet been addressed. Businesses will also have to go further on making the metaverse a safer space for users, given issues of discrimination and bias already pose a challenge to those with established communication channels. 

When assessing metaverse safety, the World Economic Forum concluded it would be necessary to use and integrate emerging technologies. The organisation also called for a global open-box security validation process to ensure there are standards that look out for threats such as breach of confidentiality, integrity or other security concerns.

Handling metaverse security, or metasecurity, will involve addressing emerging threats in this new digital realm, while taking a multifaceted approach to consider how the real and virtual worlds connect. Security policies will have to change, as will digital regulation to ensure privacy and data security can be upheld as businesses and their customers move in and out of the real and virtual worlds that are created.

What might metaverse threats look like?

Will the metaverse be as transformative as Meta would have us believe? Many, indeed, beleive the metaverse is a waste of resources. The manifesto from Open Meta DAO, however, concludes the metaverse, a hallmark of Web3, is far too important to get wrong. “Not everyone understands this or agrees on what getting it right looks like,” the manifesto says. “Web2 succeeded financially but is not healthy on our minds or our planet. People are waking up to the significance of the metaverse on our future. Who owns that future? What kind of world do you want to live in? What kind of world do you want to leave to others?”

As the metaverse evolves, there’s increasing focus, in particular, on how virtual spaces will connect with and influence the physical world. Accenture, for example, describes the ‘virt-real’ as a range of experiences, from purely virtual to a blend of virtual and physical. This is an accurate description of how the metaverse exists today and how it’ll develop, especially as laws are concerned. The lines are, indeed, blurring. For instance, the UAE minister of artificial intelligence (AI), Omar Sultan Al Olama, recently said he believes people who commit serious crimes in the metaverse – like murder – should be punished in the physical world. He also alluded to the prospect of cyber criminals terrorising users.

Related Resource

The CIO imperative: Leading in the digital future

Reimagine how to differentiate with technology

Whitepaper cover with female sat with a laptopFree Download

As these realms continue to blend into each other, accountability is key, says Gartner’s senior principal analyst Tuong Nguyen. “For a user to be held accountable for abusing someone in the metaverse; for a user to be caught laundering terrorist funds; for a user to be caught evading tax on financial transactions in the metaverse, that user's real-world identity will need to be known,” he says. “It will be interesting to see how the requirements for proving your identity evolve in the metaverse.”

As the metaverse takes shape, businesses will create their own interpretation of these spaces driven by the demands of their customers or commercial partners. Gartner projects that by 2025, a quarter of the global population will spend at least one hour a day working, shopping or socialising in the metaverse. To support this shift, these virtual spaces must boast robust levels of security and safeguarding to reflect existing digital channels.

Malicious actors in virtual spaces are a clear and present danger that businesses will have to protect themselves, their customers and commercial partners against. Already, we’ve seen successful phishing attacks that used bots with AI deepfake voices to convince victims to transfer large sums of money. Certainly, security and compliance will need to be front and centre as these environments expand their influence.

How can businesses fight immersive threats?

“Enterprises will find themselves on the front lines of establishing trust and safety and defining the human experience in these new places,” says Accenture. “Enterprises that wish to lead in this space will shoulder the mantle of building a ‘responsible metaverse,’ and the actions and choices they make today will set the standards for all that follow.”

The haptic metaverse is often the image many users have in their minds Today, however, businesses are embracing these spaces by taking a more conventional mixed reality approach, depending on their particular needs. We would expect this to evolve over time, as we would expect the threats to. 

As the metaverse becomes yet another attack emerging vector, businesses must protect themselves against foreseen and unforeseen threats by devising security policies that consider the particular aspects of these virtual spaces. As a result, metaverse security will become a fundamental component of a company's overall digital security stance, over time, rather than an afterthought. 

Michael Gurau, a partner at Altman Solon, sees a layered approach to security becoming the norm. "Metaverse users, particularly enterprise ones, will likely work to create private sector protections and standards for doing business in the metaverse,” he says. “In the end, the metaverse will be policed by a patchwork of entities, which could be a real challenge to its growth and consumer and commercial confidence.”

Related Resource

Securing endpoints amid new threats

Ensuring employees have the flexibility and security to work remotely

Whitepaper cover with image of female employee working at home on laptopFree Download

Ian McShane, VP of strategy at Arctic Wolf, on the other hand, takes a more prophetic approach. “History has told us that with many emerging technologies, security is often the afterthought, but if there are any learnings we can take from the last 12 months, it's that cyber protection needs to start taking priority, and the metaverse is no different,” he tells IT Pro. “Whether it's Nike, Facebook or any other business creating a digital playground, they must ensure they are investing in cyber security as much as they are in the creation of these technologies.”

Many businesses won’t change their existing security protocols and policies as they move first into mixed reality environments and, then, perhaps finally into fully immersive spaces. The unique nature of the metaverse, however, means bias and identity will form the core of metasecurity. The security implications of the metaverse have yet to come into focus, but laying the foundations for metasecurity policies is imperative for businesses of all sizes, as all enterprises race to stake their claim to their piece of the metaverse.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Recommended

Google adds stronger safeguards for Workspace accounts
collaboration

Google adds stronger safeguards for Workspace accounts

11 Aug 2022
DARPA recruits SpaceX, Intel and Amazon for major satellite network project
Network & Internet

DARPA recruits SpaceX, Intel and Amazon for major satellite network project

11 Aug 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022
Google Cloud launches first Arm-based virtual machines
virtual machines

Google Cloud launches first Arm-based virtual machines

14 Jul 2022

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
UK water supplier confirms hack by Cl0p ransomware gang
ransomware

UK water supplier confirms hack by Cl0p ransomware gang

16 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022