Organisations must shore up current defences before scaling to the metaverse 


By Kartik Shahani, Country Manager, Tenable India

The metaverse has emerged as one of the most exciting new frontiers since the advent of the internet, and tech giants like Microsoft, Meta and Roblox are investing billions of dollars to pioneer this space. Globally, the market for metaverse opportunities is expected to grow at 41% CAGR with McKinsey & Company predicting its potential to be valued at $5 trillion by 2030. The metaverse, where the virtual world mimics the physical world, creates innumerable possibilities for new activities and experiences like never before. It’s perhaps why 57% of Indian CXOs say metaverse initiatives, both long and short term, are underway in their organisations.

The report by NASSCOM revealed that retail, manufacturing, healthcare, telecom, professional services and the banking sector are likely to be major investors in metaverse initiatives in India. From virtual classrooms to digital twin offices, connected medical devices, smart cities, simulation of real-time performance with analytic-driven improvements, visibility into lead times, transit times, shipping delays and real-time shipping costs, and the use of cryptocurrencies — the metaverse has endless opportunities for individuals, governments and enterprises alike.

The realisation of the metaverse requires the amalgamation of technologies such as XR, HMDs, networking, blockchain, edge-cloud computing, and IoT including sensors, data gathering and visualisation technologies like AR/VR and more.

Nevertheless, as with any new frontier, there are also real concerns about cybersecurity in the metaverse with so many interconnected devices and systems. A study by Tenable showed that 41% of organisations are concerned about the cybersecurity of applications in the metaverse. And 81% say it is likely that conventional phishing, malware and ransomware attacks might occur in the metaverse. As organisations consider scaling their offerings to the metaverse, it helps to prioritise cybersecurity as the attack surface will expand dramatically. At a time when ransomware is the world’s third-largest economy at $7 trillion, security cannot be ignored. It’s paramount that organisations secure their existing infrastructure and also place higher security standards for third-party vendors before scaling to the metaverse.

Threats in the metaverse

Today’s cyber threats are already causing many organisations immense losses. The World Economic Forum, in its State of the Connected World 2023 report, revealed that 46% of organisations that were breached suffered reputational damage and losses. In the metaverse, these threats will increase exponentially. From threats in the cloud to identity access management, data privacy, social engineering and cyber-physical threats, the threats are manifold.

Invisible-avatar eavesdropping or ‘man in the room’ attacks

For instance, with the use of VR headsets being a key technology in the metaverse, “peeping Tom” scenarios could proliferate. Imagine a financial consultant offering advice to a consumer in what they think is a private room in the metaverse, not knowing that a third party is also present in the room eavesdropping with impunity. 


Cloning of voice and facial features

Having avatars with synthetic voices and facial features that mimic those of users or employees can make the metaverse experience more personal. These avatars also generate various data, such as voice, video and messages, as they navigate the metaverse for business meetings and access personal information for services. But there are concerns that there is no way of identifying who is really behind the avatars. Personal information and content stored in a virtual environment, metaverse platform or service system can be forged and leaked.

Secure existing people, processes and technologies

It’s imperative that organisations intending to adopt metaverse initiatives secure their existing people, processes and technology. Since the metaverse is still at its nascent stage, organisations are uniquely poised to ensure that third-party vendors of IoT devices and metaverse technologies prioritise security and weave it into the software development lifecycles, making these technologies secure by design. More importantly, proactive and preventative security measures ensure organisations gain full visibility into the length and breadth of the attack surface. 

It’s true that most security solutions weren’t built with the metaverse in mind, which is why fewer than half (48%) of organisations are very confident that their existing cybersecurity measures are sufficient to curb cyber threats in the metaverse. And 90% of organisations agree that they need to adequately develop a cybersecurity framework prior to offering services in a virtual environment.

Understanding the metaverse can be complicated as its full potential is yet to be realised, but one thing is certain: security needs to be ubiquitous throughout the development process in order to protect every transaction across the metaverse, weaving security into the core application layer. When embracing the metaverse, new threats are bound to emerge, not all of which can be mitigated with current solutions.

Fostering a safe and secure platform would mean establishing foundational cybersecurity practices. This means shifting left in the metaverse, and gaining complete visibility into vulnerabilities, misconfigurations and internet-facing assets. 

