The internet you know today is gradually going the way of the original web. The aspect of web3 that’s most exciting–and most concerning to cybersecurity wonks like me–is the metaverse, an immersive 3D experience where people can explore, shop, play games, spend time with distant friends, attend a concert, or hold a business meeting. The metaverse is what bold virtual reality pioneers envisioned way back in the ‘90s when most people lacked the compute power, storage, or network bandwidth to make it real.
Think of the metaverse as the next iteration of social media. It’s a place where internet users will increasingly spend hours and money engaging with friends, content, goods, and services.
To enable this, metaverse users and platforms are relying on cryptocurrency and its underlying blockchain technology. Cryptocurrency is playing a huge role in both making metaverse experiences possible–it’s largely how people pay for goods and services in virtual worlds–and in presenting uniquely vexing cybersecurity challenges.
Sizing up the risks of the metaverse
The metaverse today is already experiencing security growing pains. Much of this has to do with the use of cryptocurrency blockchains, which function as a distributed public ledger of all historical transactions. Armed with the hash of a transaction, or the address of a cryptocurrency wallet, anyone can examine any of the transactions that have previously occurred.
This is great for transparency, which is one of the big selling points of cryptocurrency. But it also means everyone has access to all the information available on that blockchain. And not everyone can be trusted. Here are five areas where the metaverse presents security risks.
- Cryptocurrency wallets as metaverse identities
- Malevolent Smart contracts, both buggy and malevolent.
- ENS squatting
- Non-fungible tokens (NFTs)
- Seed phrase scams
There are other risks, but these should give you an idea of how this new world is breeding new security concerns.
Building a safer metaverse
Now is the time we should be thinking about, and acting on, new measures to secure the metaverse.
At Cisco Talos, we know from experience how algorithms driven by machine learning are enormously helpful in identifying potential and active threats. That same kind of technology can be deployed to help gaming, shopping, trading, and other platforms find and eliminate threats for their users.
Because the metaverse is likely to become a fully integrated and open environment, one in which a virtual good purchased on one platform could be worn or used on another, we must take the same approach to security. At Cisco, we’re already creating that open, integrated environment for the multi-cloud future every business is adopting. It’s a perfect fit for the metaverse.
Eventually, the crypto winter will end, so we can’t waste this opportunity to build a safer metaverse before the insanity returns. Security industry leaders should take this moment to map out a secure future for this next generation of the internet.
Click here to get to know Cisco Talos, the industry-leading threat intelligence group fighting the good fight.
By Kevin Delaney, Senior Writer at Cisco