The term metaverse is pretty hot right now. More and more brands are striving to conquer new virtual worlds using various integration formats.
For example, the luxury brand Gucci is buying virtual land in The Sandbox to start building its world on the metaverse platform. The first NFT restaurant, Flyfish Club, has opened in New York. You need to buy an NFT membership card, with numbers limited to 2,700 tokens for regular members and 385 for top-level guests. A permanent membership will cost 2.5 Ether (US$6,352 at yesterday’s prices).
Interest in the metaverse is more pronounced in Asia than anywhere else, given the speed by which many industries have adapted to things like mobile or messaging, observed Dan Neary, vice-president of Meta in Asia Pacific.
For example, SoftBank is investing $150 million in a South Korean metaverse platform that has amassed a large following of young female users by selling high-fashion items for 3D avatars.
Considering the level of hype, an economic effect is inevitable. According to forecasts by PwC, virtual and augmented reality technologies could affect 23 million jobs by 2030. This, in turn, could lead to economic growth of $1.9 trillion. One reason is that the technologies used in the metaverse can make it possible to minimise the gap between theory and practice.
Metaverses can be useful for people to play in, but businesses can also benefit from the use of digital spaces.
One of the most obvious options is to improve the training and education experience. Interactive learning experiences in VR, AR and Mixed Reality enable people to learn faster, retain information better and enjoy the process more.
A recent PWC study found that employees who trained in VR simulations learned four times faster than in-class learners and twice as fast as online learners.
According to Aimprosoft forecasts, the e-learning market is expected to grow significantly, from $185.2 billion in 2020 to $388.2 billion in 2026.
On the other hand, it is not always completely clear what people mean when using the term metaverse. Are they referring to a particular virtual world, like Fortnite, or a VR ecosystem, like Oculus? To complicate the matter further, people throw in more buzzwords, like NFT and blockchain.
All this complexity makes many people wonder if there are cybersecurity and privacy implications. After cutting through all the hype, we still have the problem of a possible account takeover, which can lead to identity theft and fraud.
In the same way that adversaries can get access to your personal or corporate correspondence if they hack your email accounts via phishing, malware or credential stuffing, they can also gain access to your personal data stored on your preferred metaverse platform. From a corporate perspective, it still means that a human is the weakest link when it comes to cybersecurity.
Some things might turn out to be different, and let’s try to imagine where this might go. One of the promises of the metaverse is interoperability. For example, a house you bought on Decentraland and a pair of luxury virtual sneakers from OpenSea would be accessible on all platforms, including the one you use to go to work at your virtual office. This creates a single point of failure and puts greater stress on the need to protect your accounts.
Another problem is that this interoperability can be based on blockchain. This puts more responsibility on the end user to keep their identity and digital property safe as current blockchains, by definition, lack central authority. This means that if your fancy NFT avatar is stolen, the platform cannot help you, as demonstrated by recent high-profile NFT-ape stealing cases.
Also, tying identity (and access to personal data) to a blockchain wallet, which also stores your money and digital property, means cybercriminals will be more eager to gain access to them.
Finally, the question of trust in the platform is important. Many companies are already using the cloud as their primary infrastructure and have distributed their workforce accordingly. Moving the office to a VR world would be a logical next step — though the technology needs to evolve considerably to make the idea of being in VR for 8 hours a day appealing.
Those whose operations involve handling personal data or classified information might want to continue relying on on-premises solutions and not expose the identities of their employees on a blockchain.
This means that should the metaverse actually become a new paradigm, the basics of threat mitigation will be the same: protect your accounts by using password managers and two-factor authentication, use a reliable cybersecurity solution to prevent malware and phishing attacks, and educate yourself and your employees on best cybersecurity practices. If you already use cryptocurrency, invest in a hardware wallet and learn how to keep your crypto safe.