You can own your own piece of virtual real estate, do some online shopping, attend virtual events and experience an entirely new world in the metaverse.

Want to live next door to a celebrity? For the right price tag, you can.  Just last year, a wealthy fan paid $450,000 to be rapper Snoop Dogg’s virtual neighbour in the Snoopverse. For that hefty price tag, Snoop’s new “neighbour” gets front row seats to an exclusive look into the rapper’s real life, and virtual concerts.

By 2026, Gartner predicts that 25% of people will spend at least an hour every day shopping or interacting within the metaverse. And it’s not only consumers spending some of their free time in virtual playgrounds: businesses are also forecast to move some of their interactions to this new digital realm.

All signs point to the metaverse becoming a huge economic opportunity. Bloomberg analysts predict the global market for virtual social worlds will be worth $800-billion by 2024, with metaverse-related exchange traded funds to reach $80-billion by the same year. This is despite the top 15 ETFs with “metaverse” in their names all posting negative returns over the year to February 2022, with performances ranging from -9.19% to -23.33%.

Brands are flocking to get their piece of the metaverse. They range from tech giants such as Microsoft, Google, Nvidia and of course Meta (previously Facebook), to consumer brands like adidas and Samsung, and financial services giants HSBC and JP Morgan. 

Many businesses see the metaverse as an opportunity to enhance digital experiences and virtual interactions and close the gap with employees and customers. A JP Morgan report, Opportunities in the metaverse, singles out a recent Fortnite concert that grossed about $20-million, including merchandise sales, that was seen by 45 million people. 

While opportunities abound, many of today’s cyber threats will still be prevalent in the metaverse of tomorrow. If anything, the additional complexity of a fully virtual environment could make those threats more difficult to defend against or manage, says Brian Pinnock, a cyber security expert at Mimecast.

Pinnock outlined the top cyber risks businesses and consumers are likely to encounter:

Risk #1: More scams and fraud

Currently, the metaverse is still in its early days and users enjoy the interconnectivity and freedom of their new virtual world/s. But this may come at the expense of online safety measures that could protect users from threats.

“Consider how hard it is to govern or safeguard web domains that fall outside national borders. Without the proper measures to protect users, the metaverse could become an unregulated playground for cybercriminals, who could use it to impersonate other users, commit fraud or steal personal information,” Pinnock says.

Risk #2: Younger users at peril

The online gaming community is notorious for a toxic culture where even the youngest players are victimised or abused by online trolls. The metaverse could exacerbate this. A BBC News investigation found that the virtual design of the metaverse allows children to be easily exposed to racial abuse and sexual harassment. Head of online safety at the UK’s National Society for the Prevention of Cruelty to Children (NSPCC), Andy Burrows, says technology companies seem to have learnt little from the first generation of social media and Metaverse products could be dangerous due to neglect and a lack of oversight.  

Risk #3: It’s (always) about the money

One of the big business opportunities of the metaverse is the potential for its own currency or cryptocurrency. This would be in line with the broader shift to decentralised finance, but it’s also an unprecedented opportunity for cybercriminals to use a virtual economy for money laundering.

In addition, as different metaverses spring up and users start transferring stored value from one to the other, opportunities emerge for cybercriminals. A lack of secure exchanges between buyers and sellers could expose users and their new financial system to threats. 

Protecting against metaverse cyber threats  

First, organisations need to review their cyber resilience strategies to include employees and customers operating in the metaverse. 

Pinnock recommends a security strategy that prioritises defence-in-depth and allows businesses to add multiple layers of security controls throughout their organisational systems. “This would allow businesses to examine all the various elements of data transfer and communication (email, web, apps, messaging) along with the physical network, building environments, and highly vulnerable human factors,” he says.

Regular and ongoing cyber awareness training would also empower employees with much-needed knowledge to better identify and avoid potentially risky online behaviour. Pinnock notes that since nine in 10 data breaches involve some form of human error, no business can afford to underinvest in their “human firewall” as they embrace emerging technologies. Security awareness training products should also be on top of new technologies and ensure content is current and relevant to the changing virtual environments.

“Ultimately, the metaverse has the potential to unlock a new era of technological innovation, human connectivity and digital experiences. But companies and users will need to tread carefully and ensure the highest standards in cybersecurity, or risk watching their new dream world turn into a nightmare at the hands of the global cybercrime industry.” BM/DM