IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
In-depth

What is metaverse security?

As the metaverse evolves, businesses need to think differently about virtual security to protect their IT infrastructure, staff, and customers

For companies, creating secure networks and commercial environments has always been imperative for the long-term security of their business and customers. In recent months, a number of firms have embraced the metaverse, for better or worse, but do these spaces present new levels of risk?

Organisations must continuously identify and neutralise the prospective threats on their system. How these attacks look and feel might be different in immersive environments or mixed reality spaces, which will likely form the fabric of the metaverse as it develops. The use of avatars, for example, could mask identities; the capacity for hackers to infiltrate virtual spaces companies have created is a danger that hasn’t yet been addressed. Businesses will also have to go further on making the metaverse a safer space for users, given issues of discrimination and bias already pose a challenge to those with established communication channels. 

When assessing metaverse safety, the World Economic Forum concluded it would be necessary to use and integrate emerging technologies. The organisation also called for a global open-box security validation process to ensure there are standards that look out for threats such as breach of confidentiality, integrity or other security concerns.

Handling metaverse security, or metasecurity, will involve addressing emerging threats in this new digital realm, while taking a multifaceted approach to consider how the real and virtual worlds connect. Security policies will have to change, as will digital regulation to ensure privacy and data security can be upheld as businesses and their customers move in and out of the real and virtual worlds that are created.

What might metaverse threats look like?

Will the metaverse be as transformative as Meta would have us believe? Many, indeed, beleive the metaverse is a waste of resources. The manifesto from Open Meta DAO, however, concludes the metaverse, a hallmark of Web3, is far too important to get wrong. “Not everyone understands this or agrees on what getting it right looks like,” the manifesto says. “Web2 succeeded financially but is not healthy on our minds or our planet. People are waking up to the significance of the metaverse on our future. Who owns that future? What kind of world do you want to live in? What kind of world do you want to leave to others?”

As the metaverse evolves, there’s increasing focus, in particular, on how virtual spaces will connect with and influence the physical world. Accenture, for example, describes the ‘virt-real’ as a range of experiences, from purely virtual to a blend of virtual and physical. This is an accurate description of how the metaverse exists today and how it’ll develop, especially as laws are concerned. The lines are, indeed, blurring. For instance, the UAE minister of artificial intelligence (AI), Omar Sultan Al Olama, recently said he believes people who commit serious crimes in the metaverse – like murder – should be punished in the physical world. He also alluded to the prospect of cyber criminals terrorising users.

Related Resource

The CIO imperative: Leading in the digital future

Reimagine how to differentiate with technology

Whitepaper cover with female sat with a laptopFree Download

As these realms continue to blend into each other, accountability is key, says Gartner’s senior principal analyst Tuong Nguyen. “For a user to be held accountable for abusing someone in the metaverse; for a user to be caught laundering terrorist funds; for a user to be caught evading tax on financial transactions in the metaverse, that user's real-world identity will need to be known,” he says. “It will be interesting to see how the requirements for proving your identity evolve in the metaverse.”

As the metaverse takes shape, businesses will create their own interpretation of these spaces driven by the demands of their customers or commercial partners. Gartner projects that by 2025, a quarter of the global population will spend at least one hour a day working, shopping or socialising in the metaverse. To support this shift, these virtual spaces must boast robust levels of security and safeguarding to reflect existing digital channels.

Malicious actors in virtual spaces are a clear and present danger that businesses will have to protect themselves, their customers and commercial partners against. Already, we’ve seen successful phishing attacks that used bots with AI deepfake voices to convince victims to transfer large sums of money. Certainly, security and compliance will need to be front and centre as these environments expand their influence.

How can businesses fight immersive threats?

“Enterprises will find themselves on the front lines of establishing trust and safety and defining the human experience in these new places,” says Accenture. “Enterprises that wish to lead in this space will shoulder the mantle of building a ‘responsible metaverse,’ and the actions and choices they make today will set the standards for all that follow.”

The haptic metaverse is often the image many users have in their minds Today, however, businesses are embracing these spaces by taking a more conventional mixed reality approach, depending on their particular needs. We would expect this to evolve over time, as we would expect the threats to. 

As the metaverse becomes yet another attack emerging vector, businesses must protect themselves against foreseen and unforeseen threats by devising security policies that consider the particular aspects of these virtual spaces. As a result, metaverse security will become a fundamental component of a company's overall digital security stance, over time, rather than an afterthought. 

Michael Gurau, a partner at Altman Solon, sees a layered approach to security becoming the norm. "Metaverse users, particularly enterprise ones, will likely work to create private sector protections and standards for doing business in the metaverse,” he says. “In the end, the metaverse will be policed by a patchwork of entities, which could be a real challenge to its growth and consumer and commercial confidence.”

Related Resource

Securing endpoints amid new threats

Ensuring employees have the flexibility and security to work remotely

Whitepaper cover with image of female employee working at home on laptopFree Download

Ian McShane, VP of strategy at Arctic Wolf, on the other hand, takes a more prophetic approach. “History has told us that with many emerging technologies, security is often the afterthought, but if there are any learnings we can take from the last 12 months, it's that cyber protection needs to start taking priority, and the metaverse is no different,” he tells IT Pro. “Whether it's Nike, Facebook or any other business creating a digital playground, they must ensure they are investing in cyber security as much as they are in the creation of these technologies.”

Many businesses won’t change their existing security protocols and policies as they move first into mixed reality environments and, then, perhaps finally into fully immersive spaces. The unique nature of the metaverse, however, means bias and identity will form the core of metasecurity. The security implications of the metaverse have yet to come into focus, but laying the foundations for metasecurity policies is imperative for businesses of all sizes, as all enterprises race to stake their claim to their piece of the metaverse.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

HPE upgrades GreenLake with Private Cloud Enterprise
Cloud

HPE upgrades GreenLake with Private Cloud Enterprise

28 Jun 2022
What is Amazon S3?
Amazon S3

What is Amazon S3?

16 May 2022
EDB unveils world-first openly governed Kubernetes Postgres operator
Cloud

EDB unveils world-first openly governed Kubernetes Postgres operator

13 May 2022
How the cloud primed Markerstudy for an M&A spree
Cloud

How the cloud primed Markerstudy for an M&A spree

9 May 2022

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022