Cybersecurity: should we be wary of the metaverse?

In 2026, 25% of humanity will spend one hour a day in this new digital bubble that is the metaverse. Some companies are already raising millions to bring their luxury label into the metaverse, while celebrities are snapping up plots of land… And the rest of us are wondering what our role will be in this new ecosystem.
But while Mark Zuckerberg claims that humans will eventually “live” in the metaverse, a few questions remain unanswered. One of them is security. Because isn’t this the door open to new cyber-risks?

Managing Identity and Privacy in the Metaverse

If we look at another important evolution of the digital world, the adoption of the technology of the cloud computing is rich in lessons. A decade ago, many IT visionaries pointed out all the benefits of the cloud. But naturally, it took some time to get to where we are today. Specifically, as with the cloud, the metaverse will face hurdles to technology adoption that, for the cloud, have taken up most of the past decade.
In this new world, the identity and privacy of users will once again be at the center of interest, especially for businesses. Indeed, what will happen to the management and protection of this private data exactly? And the identity of the machines? (software, connected devices, in particular concerning VR headsets, etc.)? One thing is certain: access to data will once again be at the heart of the game, and may attract the attention of all malicious actors online. A risk to be prepared for.

A new haven for hackers

Like any online infrastructure, the metaverse will rely on a host of technologies such as PKI-based digital certificates (Public Key Infrastructure or ICP in French) to secure the influx of digital identities using its servers. Metaverse users could, like all Internet users, be victims of theft and collection of their data.
The number of smart devices (headsets, glasses…), apps, software, bots (or machines) and human identities that will need to be accurately authenticated will increase dramatically as metaverse apps grow. will develop and spread.

Focus on by-design security and additional tools

This will largely depend on the ecosystem of the metaverse itself. In some cases, the fundamentals of security will be integrated “by-design”. In other words, security and privacy will probably be the responsibility of the metaverse operators – but this remains very opaque for the time being. Behind the scenes, we can only hope they rely on best practices in security and privacy. And when it comes to best practices for digital identities, PKI-based certificates come into play.
While digital certificates are an excellent choice to serve as the basis for digital identities, managing them can be problematic. This is well known today, because the manual management of certificates has generated significant risks, especially in business. The cybersecurity market still has a lot of awareness to do in this area.
As we move forward in the metaverse, the fear is that we are destined to repeat history once more. Since we are moving forward without “by-design” security and privacy. This includes that best practices for managing digital identities and certificates should be followed. A neglected certificate expiration can have massive consequences, increasing vulnerabilities to criminal activity and compliance risks.
Again, let’s go back to the comparison between metaverse and cloud security. While cloud service providers have invested significantly to natively protect their cloud, consumers in these environments today still need many third-party security add-ons to account for cyber risks and attacks. The trend will be similar for the metaverse, that is, many tools and third-party solutions will be needed to support and increase the security of the infrastructure. This is all the more true since there will obviously be several metaverses, just as we have a world of multi-cloud environments!

Tribune written by David Mahdi, Director of Strategy at Sectigo

<<< Also to be read : FOCUS UNICORN | Lydia, the unmissable fintech >>>

Leave a Comment