Building Resilience through Cybersecurity and Governance for Metaverse Experiences
By Industry Contributor 23 June 2022 | Categories: feature articlesBy Nicole Reineke, Vice President of Innovation, Iron Mountain
Metaverse is a descriptor for the many Internet-based real-time virtual spaces that can be used for work and social experiences, often using avatars. This might at first seem like a concept plucked from the annals of science fiction, but the technology is real and businesses are already starting to take their first virtual steps into the metaverse. Yesterday’s fantasy is rapidly becoming today’s virtual reality.
The numbers support this, too. The metaverse has been valued as a $800 billion dollar market opportunity by Bloomberg1 and, although others might not agree with the exact estimate, companies such as MTN and M&C Saatchi Abel, an advertising and marketing consultancy, have become the first local organisations to buy virtual real estate in Africa’s first metaverse, Africarare. This has prompted others to consider what opportunities the metaverse could provide for their operations and to help evolve their digital strategies to meet changing customer demands.
Enterprises are already enabling extended reality applications so that customers can browse through their virtual “physical” spaces and learn more about their services or retail offerings. Healthcare providers can see 3D images of the human body to facilitate diagnoses and treatments. First responders can conduct exercises in simulated environments to be prepared to manage real-time triage and containment challenges. The list of potential use cases is nearly infinite, as is the opportunity ahead.
Big opportunities usually come with proportionate risks, and metaverse opportunities are no different. As free-to-use platforms rely on algorithms to profile users for advertising purposes, it raises privacy, security and compliance concerns. For example, one of the basic requirements of POPIA is openness – which requires that data subjects be made aware of when and the purpose of their information being collected by a responsible party.
And for now, it is a waiting game to see how transparent metaverse platforms will be when disclosing how much data they collect. So, while it is inspiring to see so much interest in the possibilities of the metaverse, businesses also need to consider how they can guarantee safety and privacy in their virtual ventures.
Regulation and Governance
In an abstract economy, where metaverse experiences create opportunities for people to function across various channels on the Internet, a system of regulation and governance with recognised intermediaries is essential to ensure supervision and build confidence. For example, financial transactions conducted via smart avatars will generate data, so questions arise about how that data should be processed and governed and what contracts need to be in place to ensure privacy.
Information derived from your digital assets and interactions–whether technical or sociological–must be governed, and users must be protected from malicious or manipulative use of their data. One method of doing this is through data access and usage transparency. This is theoretically possible by using immutable records to capture data access and utilisation which, when decentralised (as in blockchain) could provide democratised access to monitor and govern the behaviour of those wanting to use the data. Additionally, the concept of ownership and monetization in a metaverse space can be democratised through capabilities such as non-fungible tokens used in a blockchain.
Security concerns
The proliferation of data generated by the metaverse amplifies the risks associated with data breaches and cybersecurity attacks. And because you’re transacting in a virtual environment, there are potentially greater risks of identity theft and impersonation. Legitimate concerns including counterfeit non-fungible tokens and fake avatars, which could reveal sensitive information and enable unwanted access to cryptocurrency wallets and blockchain scams from phoney financial organisations.
In addition to the governance-related concerns described above, some of the main security threats are associated with identity, data, and privacy. Identity thefts–such as impersonation attacks, unauthorised and stolen identity, and unauthorised interoperability linkage–can occur in a metaverse. Data-related threats are very similar to those that exist today, such as data tampering, spoofing, false data injection, and so on.
Ensuring privacy is even more important in a metaverse because user behaviour can be captured at a more granular level than in the physical world. In addition to the types of malware attacks we see in Web 2.0, there are more chances of “Sybill attacks”‒ where one identity (hacker) can pretend to be many identities at the same time.
In light of all these issues, it is important to develop a ‘security and privacy by design’ mindset as the number of interactions and the related proliferation of data need to be appropriately secured. Also, the algorithms that are powering metaverse experiences are constantly learning, which creates a further complexity that will need to be monitored and protected. The task of protecting organisational assets, data, and people is massive and will need to be shared by those working on technologies supporting metaverse experiences and the users, as well as the government bodies that provide regulation on the data flow between them.
Educating employees
While a metaverse is about our experience with the Internet of the future, Web 3.0 is about how the future of the Internet will be built. Companies building with Web 3.0 need to ensure that their employees have the skills and tools to identify threats–internal and external–and take appropriate action to reduce security risks. In the past, countless companies have lost consumer trust due to the lack of security and secure practices in Web 2.0 applications. All employees need to be educated and equipped with the right information to help ensure personal and business safety and prevent data proliferation and leaks. Organisations need to implement an educational approach at the very start of their journey into building with Web 3.0 and creating interaction paradigms in a metaverse.
Why metaverse experiences matter
The world is beset by a range of seemingly intractable problems such as climate change, economic inequalities and the ongoing threat posed by the pandemic. Metaverse experiences create an environment that can help companies, governments, and social enterprises address these headline topics through immersion and enhanced collaboration. However, a widespread need exists for education and consultancy, especially as innovation continues to outpace regulation.
Web 3.0 is already being used to enable many of the new metaverse interaction paradigms for customers, investors and employees, while governments will be able to use it to better communicate with their citizens. But lingering, legitimate concerns about governance and security are tapping the brake on progress. Partnering with organisations that have the tools, experience and expertise can ease your journey to safely and confidently create metaverse interactions that solve pressing business, social, and environmental problems.
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?