Beneath the buzz, the metaverse is arriving in both predictable and unexpected ways.
Some new experiences using headsets and mixed reality will be in your face – quite literally – but other implications will be harder to spot. As with all new categories, we’ll see intended and unintended innovations and experiences, and the security stakes will be higher than we imagine at first.
There is an inherent social engineering advantage with the novelty of any new technology. In the metaverse, fraud and phishing attacks targeting your identity could come from a familiar face – literally – like an avatar who impersonates your coworker, instead of a misleading domain name or email address. These types of threats could be deal breakers for enterprises if we don’t act now.
Because there will be no single metaverse platform or experience, interoperability is also crucial. Trust cannot end at the doorway of a virtual meeting space, for example – it must extend to the interactions and apps within – otherwise security uncertainty will hobble people wondering what to say or do in a new virtual space and create gaps that can be exploited.
Which brings us to the importance of these early days for the metaverse: We have one chance at the start of this era to establish specific, core security principles that foster trust and peace of mind for metaverse experiences. If we miss this opportunity, we’ll needlessly deter the adoption of technologies with great potential for improving accessibility, collaboration and business. The security community must work together to build a foundation to safely work, shop and play.
So what can we expect — and how can we create a trusted environment in the metaverse?