The growth of the metaverse brings new opportunities for innovative business practices and new ways to interact with one another in the workplace. While the metaverse brings the potential for improved workflows and virtual meeting rooms – it also brings an expanded attack surface and new ways for exploitation by bad actors. Given the variety of ways individuals and enterprises can engage with the metaverse – including both digital and physical channels – the vast amount of data collected in the metaverse alone creates a new generation of security challenges.
One of the biggest challenges of this new communications frontier will be the exponential growth in digital identities, which will open up new gateways to potential bad actors. The problem is that IT professionals are still trying to master securing identities in this cloud-first world – and many are unprepared to handle the rapid growth that this new landscape the metaverse will create. Luckily there’s a place to start. By understanding the current digital identity landscape and how it will impact the new virtualscape, companies can match these broadening threats and achieve digital resiliency.
Will the metaverse transform the identity landscape?
Today’s identity landscape is enormous and cyber criminals are taking advantage of the scope of the sprawl. But what many IT professionals are overlooking is how the proliferation of identities is making organisations more vulnerable. Due to the changes in where we work and in the way we work, the race to the cloud and a dramatic increase in the use of automation, identities are rapidly multiplying.
These higher volumes of identities from multiple sources are not only difficult to manage, but also an ideal situation for bad actors who are looking to take advantage of weak spots that might be overlooked by organisations. In fact, 61% of breaches in the past year involved exploited credentials. Clearly, IT and security professionals are having difficulty reining in the always growing identity landscape. Unfortunately, the growing adoption of the metaverse is only going to expand the identity attack surface even further.
So, while the current identity landscape is tenuous, the metaverse will not only exacerbate existing problems, but also create new problems – especially when it comes to access. Metaverse users will be actively encouraged to join the digital world in new ways, from laptops, smartphones, virtual reality sets and gaming consoles, which will create new usage and access points for cyber criminals to exploit. This means they will need to be adaptive in the strategies they use to manage access as identities evolve in the metaverse.
Access, privacy and identity management are all going to play vital roles in ensuring the well-being and security of individuals and organisations in the digital world. Kurt Opsahl, general counsel of privacy-watchdog group Electronic Frontier Foundation, notes that when it comes to data generated by technologies surrounding the metaverse, “there’s the potential for manipulation or invasive misuse of that data”. Not just by employers or unknowing insiders, but bad actors as well. And based on our cloud and digital transformation track records, whenever there’s a breakthrough in innovation, there’s an equal and opposite uptick in exploitation.
As the run-up to a virtual world continues, and digital avenues, identities and access points widen across the enterprise, the name of the game will be “digital resiliency” in 2022. To secure this new environment, organisations need to ensure that all individuals – and proliferating identities – have limited and only-what's-necessary access to business and data assets from the start.
Another way to think about digital resiliency and identity and access management in 2022 is through the lens of these two words: zero trust. Having grown significantly in popularity since early 2021, zero trust is the only proven cyber security framework that minimises the impact of a cyber incident. As a model for implementing robust and selective security, zero trust eliminates vulnerable permissions and unnecessary and excessive access to help companies better manage and secure the identities, applications and machines across its network.
In other words, instead of trying to throw a firewall, password or other forms of perimeter-based defences around every new access point or identity that crops up in the metaverse, organisations need to lean into setting limits and treating every identity like a potential threat. As we continue through this hyper-collaborative, and increasingly interactive, digital-first world, and as cyber security grows in complexity and severity, it will be even more essential for businesses to limit and manage access – which starts with zero trust.
The metaverse is coming and it's bringing a bevy of new opportunities for good and bad actors alike. But innovation doesn’t need to breed exploitation. If companies are prepared, lean into zero trust and set limits on access, the virtual world can remain a safe one too.
Share