Some things we need to know about security before plunging into the metaverse…

Following its annual Ignite conference in November 2021, where cybersecurity professionals and leaders around the world converged to discuss the next big challenges in cybersecurity, CybersecAsia had the opportunity to discuss some key security concerns related to the metaverse with Sean Duca, Vice President and Regional Chief Security Officer, Asia Pacific & Japan, Palo Alto Networks.


Here are our questions and Duca’s answers:

How would you define what the ‘metaverse’ is? What are its core elements?

Duca: The metaverse is a shared digital environment in which people can play, work and interact in real-time without having to be in the same physical location. Think of it as a digital replica or extension of our real world.

What sets the metaverse apart from the Internet is the immersive aspect of it. Instead of just viewing digital content from a screen, users will be able to engage and interact with multi-dimensional content in an unprecedented manner, enabled by technologies such as augmented reality (AR), virtual reality (VR) and smart devices.

The move towards a metaverse will further blur the lines between physical and digital spaces, as people will be able to enjoy multi-dimensional content and experiences while moving between two realities. A fully functional economy within the metaverse is likely to become a reality. We’ve already seen the emergence of blockchain-based gaming economies and the popularity of gaming platforms like Roblox, where people can earn and spend digital currencies.

What can businesses gain by participating in and leveraging the metaverse, especially in terms of customer experience and business opportunities?

Duca: The immersive nature of the metaverse will unlock new opportunities for businesses and consumers alike, as it allows buyers and sellers to connect in a new way. Companies can take advantage of mixed reality experiences to diversify their offerings and cater to the needs of consumers in the metaverse.

Take e-commerce for example. Online shopping will no longer be the same as people will be able to browse and try items virtually, without the need to have the actual physical product with them. In addition, there will be demand for both physical and digital versions of products as consumers will be shopping for themselves as well as their digital counterparts. Businesses thus have an opportunity to expand their product range and increase their market share.

The metaverse will also open up avenues for brands to build meaningful experiences for their consumers, which, in turn, could drive greater brand recognition and loyalty. Consumers are already taking to VR concerts, signaling appetite for such virtual experiences. Being able to provide an immersive experience for consumers will bode well for brands looking to strengthen their brand awareness.

Even the way we work may evolve in the metaverse. Virtual collaboration tools and meetings can become more inclusive, enabling a more diverse range of people to participate and interact with the use of digital avatars. For example, Microsoft has already announced plans to launch avatars for its video conferencing platform, to allow users to have animated versions of themselves in both 2D and 3D meetings. 

What are the key security concerns related to the metaverse? How different would they be from the current digital economy we live and work and do business in?

Duca: Be it in physical or digital spaces, or even an unregulated world like the metaverse, platforms that allow us to interact and trade (buy/sell goods and services) with others are attractive targets for cybercriminals. After all, cybercriminals never waste an opportunity to strike.

In today’s economy, there is already a critical need for people to verify and secure their digital identities to ensure that their personally identifiable information (PII) cannot be misused or sold. This security concern will only be heightened in the metaverse, as the expanded use cases for our digital identities will make them even more attractive for cybercriminals to exploit.

It’s also likely that consumers will require some kind of wearable hardware, such as smart glasses or headsets, to be fully immersed in the metaverse. Mainstream adoption of these connected devices will translate to an inevitable broadening of the attack surface, which could result in more vulnerabilities and opportunities for cyber-attackers if not adequately secured.

The intersection of physical and digital realities in the metaverse points towards the likelihood of digital information existing in physical spaces, meaning that security incidents in the digital sphere could potentially lead to far-reaching consequences in the real world as well.

Organizations looking to enter the metaverse have to be mindful of how different devices and parties will interact in this unfamiliar environment. Opportunistic cybercriminals will view the metaverse as another platform to execute the same cyberattacks.

How should an organization bake cybersecurity into its strategy and approach before entering the metaverse?

Duca: As businesses will look to set up storefronts and advertise in the metaverse, it is imperative that they think about brand reputation, intellectual property, and how to identify fraud and abuse right from the onset.

They will need an ironclad strategy that offers complete visibility on how people and other organizations will interact with them and ensure that security is baked in all steps of their approach from the planning stages all the way through the running phase.