The Metaverse is an exciting concept with seemingly endless possibilities. Before enjoying and building this virtual realm, it is critical that we learn from our past and begin with solid privacy and cybersecurity strategies. The following piece from Ntirety CEO Emil Sayegh was originally published in Forbes, and it details security steps that Meta can take.
How To Secure A Metaverse
Many are wondering about the metaverse and speculating whether it is a hard trend or a soft trend. Questions abound — what it will look like, what will its impact on us be, and how will it interact with our daily lives. At the root of the metaverse concept, physical boundaries will cease to be a limitation of how we engage with others, engage with businesses, and how we consume information. We are opening ourselves up to exposure by novel digital means to a world that will expand without limits.
For many, the biggest concerns about the metaverse are the aspects of privacy and cybersecurity. As we embark upon this new age of digital exploration, it is critical to structure this world of virtual engagement with secure concepts, grounded principles, and privacy based technologies. We have a lot of work ahead of us to map out the principles of how the real world interacts with this virtual future.
Rebuilding a (Mostly) Secure World
The web today has evolved greatly from its earliest days of uncharted freedom and dial-up bound technologies. It didn’t take long, however, before malicious actors, trolls, bots, nation-states, and permutations of digital anomalies changed the game. This landscape of threats and vulnerabilities especially matured as commerce, finance, and general businesses came to adopt web-based technologies.
We are going to have to re-envision many things all over again, including things we don’t really think about frequently anymore. Definitions, rights, laws and regulations, and our collective perspectives will all have to be re-engaged quickly as the metaverse arrives and builds out. For example, in the metaverse, legal jurisdictions and boundaries have no practical definition yet. This is a challenge we collectively worked through on cyber and web activities two decades ago, and now we get to do it all over again.
The Foundations of Secure Metaverse
Very few people like overreach and overregulation by governments. To avoid having regulators come down on the web3 community like a ton of bricks, we must build security considerations into the metaverse from day one. While we must preserve the user experience within the metaverse, we need to simultaneously protect individuals and businesses while also growing usage. It’s a complex balance, and the time to get started on this is now.
Consider the fact that the metaverse will be filled with massive troves of data, exchangeable at light speed, and much of it is highly sensitive. Some of it will involve young adults, and even children, as those will be likely early adopters. We must expect that these data will be a target of opportunistic technological and social hacks. The impact on data privacy cannot be underestimated and significant focus must be placed on the tools we have to protect privacy.
In non-chronological order we must:
Define rights in the metaverse
Create and enforce data accountability and data protection responsibilities
Create a rating mechanism for age-appropriate access and use
Protect against malware
Provide awareness of cyber threats
Sustain audit capabilities
Reinforce identity and validation standards
There is enough depth of subject there to write a book (if not several) on these topics. However, the subject of identity is the most intriguing, so let us dive in.
Identity and Blockchain Security
We must consider how people will be able to identify themselves in the metaverse. We must consider how individuals will come to trust and know that the person or business they are interacting with is really who they say they are. Currently, the strongest anticipated solution will rely on blockchain-based mechanisms to verify identity.
While there are obvious opportunities associated with blockchain implementation, it is notable that vulnerabilities are a possibility. Various non-fungible token (NFT) scams have already been noted, and the decentralized nature of the blockchain brings considerable concern that criminally-gained assets such as tokens, identities and transactions will not be recoverable in absence of authoritative controls,.
Efforts to implement biometric identification such as fingerprints or facial recognition will also be required. Whatever the ultimate composition of these solutions, they all need to be secure and reliable.
A New World of Attacks
Before long, metaverse attackers and bots can and will come from anywhere and they will do so around the clock. Naturally, metaverse networks will have to be secure, but we must enforce security by building continuous awareness into these networks. Along with strong passwords, multi-factor authentication, advanced firewalls, and advanced threat detection technologies, we will need to implement visibility and analysis throughout the fabric of the metaverse to detect anomalies, uncover activities, and maintain experiences for all. Data will have to be encrypted and password-protected whether it is in transit or at rest.
We will also need to keep watch for phishing, malicious URLs, and similar types of online attacks. Some of these attacks will probably not have a definition yet because they don’t exist yet. In addition to the gallery of hacking, malware, ransomware, and phishing tricks of the trade, entirely new tactics will emerge to focus on the bleeding edge of NFTs, exchanges, and cryptocurrencies. We will need a way to report and distribute the information of how these attacks came to pass.
Making a Better Metaverse
What we all love about the internet is the ability to get information, make exchanges, and free speech. What we need from the internet is the assurance that it is all as secure as possible, age appropriate, and that we maintain privacy. As the metaverse arrives and evolves, it will require a balanced approach to ensure the best experience for all. The metaverse must capture holistic, principle-focused protections, including awareness, technological methods, and behavior-modeling. The metaverse is part of our collective futures, but it needs to incorporate what we have learned in the past twenty years to not make the same mistakes. The foundational cybersecurity challenges ahead of us are clear, and we must act on those right now to allow the metaverse to prosper.
Check out this piece, originally published in Forbes, here and follow me on LinkedIn.