Most Australian businesses are planning to invest in the metaverse in the coming months to enhance customer engagement, improve learning and training, and improve collaboration.
This is in contrast to the US and UK, where only 56 per cent and 55 per cent of businesses are expected to make similar investments, according to a new study published by Tenable.
However, as with most things in business, opportunities do not come without risk or consequences. When it comes to investing in the metaverse, nearly half of the respondents (44 per cent) cite managing cybersecurity risk as their primary concern, while 38 per cent cite managing privacy and information collection.
The study, Measure Twice, Cut Once, surveyed 1,500 IT, cybersecurity, and DevOps professionals in Australia, the U.K., and the U.S. (Full study here)
Organizations are already deciding to enter this market, which McKinsey & Company forecasts will rise to $5 trillion by 2030, despite its relative youth.
The study found that 86 per cent of organisations stated they were very and somewhat comfortable gathering and exchanging personal identification information (PII) with third-party services in the metaverse, where a genuinely immersive experience necessitates collecting, processing, and exposing personal data.
However, 35 per cent of respondents who were asked to identify the main entrance hurdles for their own organisation mentioned the possibility of security breaches and identity theft.
Apart from the obvious traditional threats we see in the real world, such as phishing, ransomware and compromised machine identities, ‘unknown unknowns’ is a real concern for businesses operating in the virtual realm.
The study shows 83 per cent of Australian respondents think that malicious cyber activity that’s possible in immersive virtual settings, such as ‘man in the room’ attacks, is very likely (37 per cent) or somewhat likely (46 per cent) to occur in the metaverse.
The threat posed by deep fakes lurking in the metaverse is also at the forefront of many organisations’ minds. The survey revealed 81 per cent of Australian respondents think it is very likely (39 per cent) or somewhat likely (42 per cent) that the cloning of voice and facial features and hijacking of video recordings using avatars might occur in the metaverse.
“As with any new business opportunity, first movers have the advantage and the risk,” said Robert Huber, chief security officer and head of research at Tenable.
“The foundation of the cybersecurity program must be solid before making a big leap into largely unknown territory and drastically expanding your attack surface. Forward-thinking organisations that take the time and make wise investments in their security personnel and the security and integrity of their infrastructure are more likely to be successful in the metaverse or any other technology investment.”
Another major factor causing concern in many organisations’ plans for the metaverse is the financial one. Following the Reserve Bank’s recent interest rate hike amid inflation concerns, 35 per cent of respondents stated that their organisations would wait to see how macroeconomic conditions develop before committing to an unknown venture.
While security experts are concerned about the metaverse and how it will be navigated, Australian businesses have taken the first steps into the virtual universe. The survey results show that organisations recognise that a proactive strategy to train, educate, and encourage talent will be required to enable them to operate safely within the metaverse.
More than half (53 per cent) of Australian respondents say their organisation will need to invest in training their current employees about safe cybersecurity practices to support their investment in the metaverse. These organisations also acknowledge that hiring talent in specialised areas such as IT (52 per cent), cybersecurity for the metaverse (49 per cent) and software developers (47 per cent) will be crucial.
To read the full study, visit: https://www.tenable.com/cyber-exposure/managing-risk-in-the-metaverse