When Facebook changed its name to Meta, the move cemented the metaverse – a virtual universe for social interaction- as the next big thing.
While companies are hoping to leverage on the metaverse for business and customer engagement, the virtual reality space also opens users to privacy issues among other greater security risks such as fraud, identity theft and other cyber criminal threats that seek to take advantage of unsuspecting communities that will be converging online.
iTnews Asia speaks with Sean Duca, Vice President and Regional Chief Security Officer, APAC & Japan, Palo Alto Networks, to understand measures that companies must take to safeguard their data and users in the metaverse.
iTnews Asia: The metaverse touts a unified community of users connecting one another in a virtual cyber space. This will likely mean the collection of more data from users. Facebook claims they already have multiple layers of security protection and will continue to add to them. What are the larger privacy concerns and what is the best way of verifying and protecting user identities?
Even today, there is already a critical need for people to verify and secure their digital identities to ensure that their data cannot be misused or sold. In an unregulated environment like the metaverse, the security concerns will only be heightened from an increased use of our digital identities, which will make them more attractive to cybercriminals.
Organisations should look to protect the data they collect and vet the third parties which they share data with, whilst applying the principle of “Trust nothing, validate everything”, or Zero Trust. This requires parties to continuously validate every stage of a digital interaction, rather than relying solely on authentication and authorisation to combat the exfiltration of sensitive data.
Like any social interaction online, users should think about what and how they share their data. The metaverse could help companies to serve hyper-personalised, targeted ads to consumers, based on their interactions, likes and other information gleaned from what they post and share. This type of information, when overshared, could be used by cybercriminals to take over accounts and steal identities.
Organisations will need an ironclad strategy that offers complete visibility on how people and other organisations will interact with them, while ensuring that security is baked in all steps of their approach, from the planning stages all the way through the running phase.
-Sean Duca, Vice President and Regional Chief Security Officer, APAC & Japan, Palo Alto Networks
iTnews Asia: If the metaverse were to be used in an enterprise setting, what are the biggest challenges organisations may face when utilising the metaverse for business? What can organisations do to manage potential breaches and security loopholes posed by the metaverse?
The immersive nature of the metaverse will unlock new opportunities for businesses and consumers alike, as it allows buyers and sellers to connect in a new way. Companies can take advantage of mixed reality experiences to diversify their offerings and cater to the needs of consumers in the metaverse. However, these opportunities are not without challenges.
Consumers will likely require wearable hardware, such as smart glasses or headsets, to be fully immersed in the metaverse. Mainstream adoption of these connected devices will translate to an inevitable broadening of the attack surface, which if not adequately secured, could result in more vulnerabilities.
Furthermore, the intersection of physical and digital realities in the metaverse could mean that security incidents in the digital sphere might lead to far-reaching consequences in the real world.
Organisations must be mindful of how different devices and parties will interact in this unfamiliar environment. They need to establish a well-coordinated architecture and implement solutions that validate, authenticate, and apply threat prevention capabilities across their entire infrastructure. This will help them to identify potential threats and double down on areas that are especially vulnerable.
iTnews Asia: Do IT security systems need to evolve and change to address the security risks that the metaverse will bring about?
As businesses will look to set up storefronts and advertise in the metaverse, it is imperative that they think about brand reputation, intellectual property, and how to identify fraud and abuse right from the onset.
Current IT systems will have to evolve in order to manage the new challenges that come with the metaverse. Organisations will need an ironclad strategy that offers complete visibility on how people and other organisations will interact with them, while ensuring that security is baked in all steps of their approach, from the planning stages all the way through the running phase.