The opportunities and risks of the metaverse

We know that not many consumers actually care about the metaverse, but that hasn't stopped tech giants investing heavily in preparing for it.

A new report from Tenable, based on a study of 1,500 professionals representing roles in cybersecurity, DevOps and IT engineering, shows 68 percent of respondents plan to do business in the metaverse within the next three years, with 23 percent having already begun initiatives in the past six months.

The most intriguing business opportunities presented by the metaverse are seen as customer engagement (44 percent), improved learning and training (41 percent) and better workplace collaboration (41 percent).

However, alongside the opportunities come risks. Four out of 10 respondents (41 percent) say that security is the top consideration affecting their organization's metaverse investment decisions, with only 48 percent of respondents feel very confident that existing cybersecurity measures are sufficient to curb cyberthreats in the metaverse.

In addition 86 percent stated they would be comfortable sharing users' personal identifiable information between different metaverse services, which presents a huge risk if the security framework to protect them is not in place prior to launch.

The security of metaverse operations should not be left to organizations alone to be determined according to 87 percent who believe the metaverse should be regulated.

"As with any new business opportunity, first movers have the advantage and the risk," says Bob Huber, chief security officer and head of research, Tenable. "The foundation of the cybersecurity program must be solid before making a big leap into largely unknown territory and drastically expanding your attack surface. Forward- thinking organizations that take the time and make wise investments in their security personnel and the security and integrity of their infrastructure are more likely to be successful in the metaverse or any other technology investment."

Top threats identified in the metaverse are: cloning of voice and facial features and hijacking video recordings using avatars; invisible-avatar eavesdropping or 'man in the room' attacks; conventional phishing, malware and ransomware attacks; and compromised machine identities and application programming interface (API) transactions.

There’s an infographic summary of the findings below and you can get the full report on the Tenable site.

Image credit: wacomka/depositphotos.com