Even in today’s 2D version of the internet, digital identity is a complicated affair. Phishing has become so sophisticated that an email from your bank, a call from your auto insurer, or even a text message from your mother may not be what it seems. The immersive nature of the metaverse, however, may set the stage for even more elaborate forms of identity theft or mimicry.
“The threat of social engineering will potentially be even more effective in a 3D world, where deepfakes will be prevalent and an imposter is even more capable of tricking victims,” says Jeff Schilling, global chief information security officer at the digital business services firm Teleperformance . He emphasizes the importance of digital identity: “No matter the medium—telephone or metaverse—the best way to resist social engineering is by having a foolproof way to validate who is on the other end of the conversation.”
Identity protection will be a critical part of successful business operations in the metaverse—and it’s an especially important consideration for those getting in on the ground floor.
Metaverse innovators can lead on cybersecurity
Although the metaverse is currently a patchwork of individual companies’ siloed experiences, that won’t be the case for long. Major technology players are already hard at work constructing the aforementioned infrastructure. So are organizations like the Open Metaverse Interoperability (OMI) Group, an open-source community of tech industry veterans working to help companies achieve “meta-traversal” capabilities—that ability to move seamlessly from Saks to Starbucks. Before long, these innovators will want to integrate those environments to create a seamless experience for their shared customers.
David Truog, vice president and principal analyst at Forrester, points out that the metaverse will be the next iteration of the internet—and like the early web, it will go through some growing pains. In the web’s infancy, he notes, it had no encryption or e-commerce. Nobody used site passwords or had an online bank account. “Very quickly, there was a need for systems and social contracts and infrastructure that mirrored some of what we expect in the physical world,” he says. “These systems were necessary so that people could engage in private communications, buy things, trust that they could submit a credit card number online, and so on.”
In the metaverse, the role of cybersecurity in establishing similar interactions will be “an order of magnitude or two” more important, says Truog. As such, first movers in the space are in a unique position to anticipate security gaps and build in safeguards from the get-go.
In this early era of the metaverse, there’s an opportunity for companies to learn from past technological evolutions and resulting security snafus. The advent of AI algorithms, for instance, showcased the gravity of guarding against bias. Migration to the cloud highlighted the importance of encryption. “When the business community was first transitioning from the typical data center environment to the public cloud, everybody went there with great excitement—but they forgot to bring their security with them,” says Schilling. “I see a similar scenario building with the metaverse.”