Is the metaverse safe?

An immersive new virtual realm is an exciting undertaking, but without a properly executed security plan, things could go terribly wrong. Read this piece from Ntirety CEO Emil Sayegh, originally published in Forbes, for insights on security concerns with the all-new Metaverse. 

Is the metaverse safe? 

If it isn’t clear by now, it will be soon: the metaverse is coming. While still only a concept, all this talk about virtual worlds, brain chips, tactile interfaces and artificial intelligence (AI) can only mean these technologies will soon come together. Many folks will get wrapped up in this merger of the virtual world with the physical world once the metaverse fully arrives. Unfortunately, anytime new and exciting technologies emerge, cybersecurity is often an afterthought. Cybersecurity will be the Achilles heel of the metaverse. Without a total base-level security build, the entire metaverse will face significant issues that could take years to unravel. 

Welcome to the unsafe metaverse 

The first known mention of a metaverse came about in science fiction back in the 1990s. More recently, Facebook stepped in and transformed itself (and its name) towards a new concept of a personal, customized, and interactive virtual world that it is building while burning $500 billion of market cap in the process.  

Unmute 

By most definitions, however, the metaverse will be a place where physical meets virtual and boundaries between the two become increasingly faint. It will eventually incorporate our world of work, our friendships, where we shop, how we spend our free time, what we eat, how we learn, and countless other applications. The metaverse will have access to our most private information and habits. As people begin to live in these virtual worlds, the metaverse will be able to learn a lot about us, others, and things we would barely consider today.  

If the metaverse is an inevitability, then it is our moral obligation to build one that is safe, private and secure. With the advent of the metaverse, we are going to have to rebuild, redefine and relearn so many things we take for granted in the “real world.” 

What does it mean when you close and lock your front door? Or how about your call screening? How do the security protocols in your life look when you are at home versus how they come in when you are in a public place? How do you know who you are talking to?  The metaverse has so many unknowns that it just cannot possibly be considered safe, by any standards.  

The wild west of the metaverse  

Cue the image of Clint Eastwood for this — at this moment, the metaverse is the wild, wild West. A lawless land that few dare venture into — but just like the old west, some people are ready for the metaverse. Instead of old-fashioned bandits and outlaws, they’re called hackers, scammers and various other names.  

Nefarious types historically gravitate to new technologies in search of opportunities. Already, there are reports of scams in NFT transactions, fraud in Ethereum addresses, and several other types of abuse. Now please remember, all Facebook did was change their name to Meta.      

Where was their plan and commitment to privacy, security or mental health of the users? Crypto, NFTs and smart contracts will undoubtedly be a fundamental part of the metaverse construct. Cyberbullying, doxing, ransom scams and other familiar schemes will also swiftly make their way over to the metaverse and they will be there early. Criminals are attracted to an environment where rules don’t exist, and victims have limited rights. 

One of the biggest risks in the metaverse will be data security and privacy. Before the metaverse, layers of abstraction existed, thanks to the physical world and our carefully balanced engagement through smartphones, computer systems, and apps. In the metaverse, significant engagement will run through artificial and virtual reality systems, creating a nexus point of data that is ripe for targeting. Data collection alone is cause for significant concern, with biometric, behavior, financial, profile information and troves of additional personal information built in.   

Garbage in, garbage out 

If you have been in information technology long enough, you are familiar with the phrase garbage in, garbage out. It’s a bad way of doing things and before we start packing up and moving to the metaverse we must make sure we will be ready for things such as:  

  •       Social engineering. As we’ve seen in corporate and individual scenarios, social engineering can lead to a massive loss of data, loss of access, and have financial implications. This is among the primary vectors for data breaches.  
  •     Blockchain security. Blockchain itself is strong on the validation of transactions and data. However, the integration of blockchain is an additional concern that bears scrutiny. For example, with just a bit of misdirection, an infiltrator can stage the interception and ownership of data. The network, identification, validation, and supporting DNS structures are examples of technical elements that must be secured. 
  •     Privacy concerns. The issues that plague us on the web and in databases everywhere will plague us in the virtual world. Data collection, retention, and sharing are just some of the examples that require definition, the establishment of individual rights, and regulation. 
  •       Digital boundaries. Users must maintain their rights of privacy and engagement with others. This matter could be complicated by the fact that there are no countries in the metaverse and no corresponding jurisdictions now. 
  •       Security on data transactions. From purchases to smart contracts, a binding construct will drive the exchange of data. The security of these transactions is critical to the success of the metaverse. Time will tell the extent of how general transactions may be regulated, taxed, and reported. 
  •       Identity of users. We are, in the physical world, what we are. Our being is tangible. One of the things that will have to be determined is what happens when an exact copy of your digital self is created or restored from a backup. If there’s a conflict, what version should continue to exist? What if a corrupted or erroneous copy comes into existence? What if that copy is intentionally modified or unintentionally wiped out?  
  •       Identity of others. Metaverse existence begins with avatars, a visual and perhaps audio-based representation of whatever that opposing creator put together. That user’s identity is questionable until you can confirm who they are in some real-world way that you trust. What about the inevitable presence of bots as we saw in the “meme stock” sagas? Are they friendly bots? Will you even know when you are engaging one? 

Concerns unchecked 

Let us not spoil what the metaverse can be by leaving these security and privacy concerns unchecked. Let us minimize, and hopefully avoid, the deafening noise and infiltration of non-human influence found on social media channels and online forums. The best metaverse is a genuine metaverse forum for humans void of bots and hackers.   

The metaverse is a concept that is launching lots of discussions and it is a likely part of our collective futures, but it needs to be a force for good. For now, the concept is vague, but the cybersecurity challenges ahead of us are clear, and we can act on those right now. 

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn. 

2022 Cyber Realities

While 2022 holds promise for a better future through advancements in technology, new cyber risks will come along with it. We must move forward with a positive mindset, while not forgetting past mistakes. Originally published in Forbes2022 Cyber Realities builds on Ntirety CEO Emil Sayegh’s Predicting What 2022 Holds For Cybersecurity piece published prior.

Looking to the Future

In addition, to my top ten predictions posted on January 6th, here are a few more: 

  1. Ransomware Will Continue to Evolve

Ransomware, which is malware that encrypts a user’s data and demands a ransom payment to unlock it, is one of the most rapidly evolving cyber threats. Ransomware attacks continue to cost businesses billions, a trend that is expected to continue and attacks that ask for larger ransom amounts. This is a market, and incentive will drive innovations and evolution in an already rapidly changing and challenging arena of cat and mouse.  

  1. Blockchain Technology Will Be Used for More Security, Finally

Blockchain technology is often associated with cryptocurrencies like Bitcoin, but it can actually be used for so much more. Companies are already using blockchain to secure business data, improve cybersecurity, and protect user privacy. In 2022, many businesses will have moved their operations to the cloud – instead of having physical servers on-site – making protections from cyberattacks a priority. Blockchain technology can help to secure these cloud-based operations by creating a tamper-proof record of all transactions.  

  1. Employees Will Be a Major Source of Cybersecurity Threats

Employees are often the weakest link in a company’s cybersecurity defenses. They can be tricked into opening emails that contain malware, clicking on links that lead to phishing scams, and using unsecured Wi-Fi networks. In 2022, businesses will need to focus more on employee training and awareness to protect themselves from these types of attacks.   

As cyberattacks become more sophisticated, businesses will also look to AI, machine learning, and monitoring services to help them detect and respond to these insider-based threats.  

  1. Will the Password Become Obsolete?

Even though new technologies that can replace passwords are emerging, they won’t be very popular by 2022. These technologies include fingerprint scanners, eye scanners, and facial recognition. They are not very user-friendly and can be easily hacked.   

As a result, 2022 will still see the use of passwords for the foreseeable future. However, organizations should start to move away from using passwords and towards using two-factor authentication. Two-factor authentication is a more secure way of logging in that requires users to input a password as well as a randomly generated code that is sent to their mobile device. This will make it much more difficult for hackers to gain access to your account. It’s a step in the right direction as passwords are extremely fallible. 

  1. Governments Will Finally Realize How Much They’ve Lost Due to Lax Cybersecurity

State and regional governments have been slow to adopt new security measures because they have been underestimating the power of cybercrime. They think that their current policies are enough to protect them from attacks. But as more and more breaches happen, it becomes clear that this is not the case. In 2022, governments will finally realize how much they’ve lost due to lax cybersecurity and they will start to take action. They will allocate more resources to improving their security infrastructure and they will also work with businesses to ensure better protection of their data. 

  1. The use of AI for Cybersecurity Purposes Will Increase Exponentially

As mentioned earlier, the use of AI is going to increase exponentially in the next few years. This will be especially true for cybersecurity purposes. Cybersecurity companies will escalate the use of AI-based tools to detect and prevent cyberattacks. These tools will be able to analyze data at a much faster pace than humans and they will also be able to identify new threats that wouldn’t have been seen before. 

Looking forward to 2022, we must fully incorporate and reflect on the key cybersecurity events of the year behind us. There are valuable lessons, a bit of dirty laundry to clean still, and a challenge that should always be at the forefront of our operations. 

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn.