With big brands and start-ups alike jumping on the metaverse bandwagon, Microsoft tells us that, “Beneath the buzz, the metaverse is arriving in both predictable and unexpected ways”.
Even the most optimistic industry forecasts note that with massive potential for growth comes equal risk for security and privacy.
Charlie Bell, executive vice president, security, compliance, identity, and management at Microsoft shared some of the company’s thoughts on the future of personal and corporate safety in the future of the internet in a blog post.
Bell starts by noting that, “Some new experiences using headsets and mixed reality will be in your face – quite literally – but other implications will be harder to spot”. He goes on to caution that, “As with all new categories, we’ll see intended and unintended innovations and experiences, and the security stakes will be higher than we imagine at first”.
The post speculates that fraud and phishing attacks, “Could come from a familiar face – literally – like an avatar who impersonates your coworker, instead of a misleading domain name or email address”.
Unless your name is Mark Zuckerberg, you’ll be in no doubt that ‘the’ metaverse won’t be restricted to one single platform, but instead comprise many independent systems that may or may not share functionality. Bell illustrates the need for interoperability by saying that, “Trust cannot end at the doorway of a virtual meeting space, for example – it must extend to the interactions and apps within – otherwise security uncertainty will hobble people wondering what to say or do in a new virtual space and create gaps that can be exploited”.
Anticipating these new risks, Bell asserts that, “The security community must work together to build a foundation to safely work, shop and play,” lest development and adoption alike be delayed.
Referring to the developments of lookalike domains, wifi and smartphones in the workplace, Bell goes on to say, “We’ve long known that security is a team sport, and no single vendor, product or technology can go it alone in protection”.
Bell says, “Sitting now at the gateway of a new dimension in technology, it’s critical to align on key priorities to help secure the metaverse for generations — and identity, transparency and a continued sense of unity among defenders will be key”.
He anticipates that, “Metaverse platforms will likely create and generate entirely new data streams with the potential to improve authentication, pinpoint suspect or malicious activity or even revisualize cybersecurity to help human analysts make decisions in the moment”.
Acknowledging that it would be impossible to anticipate every potential security risk before the actual metaverse exists in a meaningful way, Bell looks to the future saying, “As with any new frontier, high expectations, fierce competition, uncertainty and learning on the fly will define how the metaverse evolves”.