1 minute read
Meeting the security and privacy challenges of the metaverse
KARA KELLY SARAH IANNANTUONO
By Kara Kelly, Manager at Deloitte and Sarah Iannantuono, Security Strategy and Program at SEEK
“Other virtual worlds soon followed suit, from the Metaverse to the Matrix. … Users could now teleport back and forth between their favorite fictional worlds. Middle Earth. Vulcan. Pern. Arrakis. Magrathea. Discworld, Mid‑World, Riverworld, Ringworld. Worlds upon worlds.” Ready Player One
The metaverse, a fully immersive shared virtual space for humans to work and socialise, became the subject of global discourse in 2022. The term ‘metaverse’—coined by author Neal Stephenson in his 1992 novel ‘Snow Crash’—entered into mainstream popular discourse (or as we like to say, dinner party/ BBQ conversations) after Facebook rebranded as Meta in line with a focus on leading the development of the metaverse. So, virtual hands up, who within the security, risk and privacy professions has been asked by family or friends what the metaverse is?
Depictions of the metaverse in the media, such as Ernest Cline’s Ready Player One, romanticise the concept of the metaverse. However, recent studies have brought to light the ways in which innocentlooking games can have real security and privacy issues. Imagine playing in a virtual reality escape room while, behind the scenes, an adversarial program was able to accurately infer over 25 personal data attributes about you: height, age, gender, etc. That is certainly not ideal.
With businesses racing to boost their bottom lines and governments taking advantage of the topicality of the metaverse there is a genuine need for reimagined security and privacy processes. It is imperative cybersecurity professionals are involved in metaverse opportunity exploration or discussion within their organisations to influence greater security and privacy.
