Businesses See Benefits of Metaverse, Despite Security Risks

Almost seven in 10 organizations say they plan to do business in the metaverse within the next three years, according to a Tenable survey of 1,500 professionals representing roles in cybersecurity, DevOps, and IT engineering.

The survey, "Measure Twice, Cut Once: Meta-curious Organizations Relay Security Concerns Even as They Plunge Into Virtual Worlds," found businesses are already looking to take advantage of the benefits of the metaverse, as nearly a quarter having begun initiatives in the past six months as they look to tap into the power and allure of virtual worlds.

In general, organizations view the metaverse — which uses emerging technologies including virtual reality (VR) and augmented reality (AR) to create a virtual space — as an opportunity for interaction and collaboration.

The survey found most intriguing business opportunities presented by the metaverse are:

Despite the general enthusiasm over the benefits of the metaverse, security concerns are weighing on those considering entering the burgeoning field, with less than half (48%) of the respondents "very confident" that existing cybersecurity measures are sufficient to curb cyberthreats in the metaverse.

Related:Metaverse in the Enterprise: What You Need To Know

Another major factor that is causing trepidation in many organizations' plans for the metaverse is an economic one.

As central banks raise interest rates to curb inflation to stave off an economic recession, 38% of respondents said their organizations will wait to see how the macroeconomic conditions unfold before committing resources to an unknown venture.

The survey also indicated there are businesses that are more inclined to follow in the footsteps of others and want to gauge how other businesses fare in the metaverse first (36%).

Satnam Narang, senior staff research engineer with Tenable, said what surprised him most from the survey was the fact that more than half of respondents indicated their organizations plan to conduct business in the metaverse over the next 12 months.

"Not to mention 28% are already doing business in this environment," he said. "Considering how early we are, this finding surprised me most because it indicates that businesses see value in their future participation in the metaverse."

Related:Overcoming Metaverse Technology Challenges: What to Do Before Jumping In

Metaverse Security a Pressing Concern

This fact also underscores the importance of security within the metaverse, as businesses begin to offer experiences and utilize the metaverse for collaboration and training, Narang said.

While most organizations have some type of plan to join the metaverse within the next three years, less than half of the respondents said they are confident that their existing security measures are enough to fight cybercrime in that realm, he said.

Among the top metaverse security threats worrying survey respondents are the cloning of voice and facial features and hijacking video recordings using avatars, invisible-avatar eavesdropping, or "man in the room" attacks, as well as conventional phishing, malware, and ransomware attacks.

Bob Huber, Tenable's chief security officer and head of research, said as a normal course of business, security should be embedded in an organization's change management and architecture review board processes.

"That's at the tactical level. There is an assumption that the organization has reached this level of maturity," he added. "From a strategic level, security needs a seat at the table to drive business risk strategies."

That means security should be included in discussions on new markets, mediums, products, and regions to provide leadership with informed insights into the possible risks and how they may be managed to enable the business.

Huber pointed out that compromised machine identities and application programming interface (API) transactions are other potential risks stemming from the metaverse and said senior security leaders must "absolutely" be part of any part of an organization's metaverse development strategy.

Regulating the Metaverse

When it comes to the topic of regulation, the vast majority (87%) of respondents said they believe the metaverse should be regulated, and that the security of metaverse operations should not be left to organizations alone.

However, Meta Platforms is urging policymakers to hold off on creating new rules governing the metaverse.

Earlier this month, Edward Bowles, Meta's head of fintech policy, told reporters that regulators could "stymie innovation" if they create an entirely new regulatory scheme for the metaverse, while the company released a policy paper arguing many of the world's existing laws and regulations will also apply to activity in the metaverse.