News

Microsoft on Metaverse: 'Trust Cannot End at the Doorway of a Virtual Meeting Space'

• By Chris Paoli
• 03/29/2022

The metaverse is coming and, with it, a new landscape for cyber threats.

Microsoft on Monday said that security should be front and center as emerging tech surrounding the metaverse continues to build steam.

"There is an inherent social engineering advantage with the novelty of any new technology," said Charlie Bell, executive vice president of security at Microsoft. "In the metaverse, fraud and phishing attacks targeting your identity could come from a familiar face -- literally -- like an avatar who impersonates your coworker, instead of a misleading domain name or email address. These types of threats could be deal breakers for enterprises if we don't act now."

Bell continued by emphasizing the importance of creating security "core values" during this early transitional phase, pointing to the example of Wi-Fi -- a new technology that went from prototype to standard in hardware in a very short period of time -- which spurred a "gold rush" of security fraud incidents.

He said that to stymie future threats against the metaverse, information sharing among tech is necessary to avoid the mistakes of the past. "Sitting now at the gateway of a new dimension in technology, it's critical to align on key priorities to help secure the metaverse for generations -- and identity, transparency and a continued sense of unity among defenders will be key."

The first key priority is to identify who and what cyber criminals will target first. Bell pointed that, unlike phishing e-mails of the past, tomorrow's threats will come with a face you know -- whether that's an avatar of a family member, your CEO inviting you to a meeting in a malicious chat room or a fraudulent bank teller.

To combat them, passwordless authentication and multifactor authentication need to be built into the emerging platforms, said Bell. He also mentioned that centralizing management of multiple cloud apps in one console will help IT keep an eye out for possible attacks and be able to quickly respond when an incident occurs.

Platform holders also need to stay transparent with their users, and be willing to communicate and act quickly to identify and fix security holes on their side. "There must be clear and standard communication around terms of service, security features like where and how encryption is used, vulnerability reporting and updates," said Bell.

Finally, Bell said that a mutual level of communication should be in place among all stakeholders on these emerging platforms. To better prepare security safeguards -- like improved authentication and monitoring -- they will need to factor in security best practices during the early days of development, and the industry will need to work together to build off of one-another's growing experience in this emerging field.

"As with any new frontier, high expectations, fierce competition, uncertainty and learning on the fly will define how the metaverse evolves -- and the same is true for securing it," said Bell. "But we do not need to predict the ultimate impact of the metaverse to recognize and embrace the security and trust principles that make the journey a safer one for all."