Microsoft exec says security risks await metaverse, highlights collaboration as a solution

Reading time icon 3 min. read

Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

As the metaverse continues to grow, security threats are also emerging. Microsoft Executive Vice President, Security, Compliance, Identity, and Management Charlie Bell believes malicious actors will try all the ways to penetrate the metaverse security using similar threats attacking the existing technology. The only solution, the executive claims, is the cooperative work of the various organizations to build security policies at the early stage of the metaverse.

Metaverse is a growing world that, whether we like it or not, will be absorbed by everyone sooner or later. Bell sees the future of tech with the same security challenges we are facing today, including impersonation, attempts to steal credentials, social engineering, nation-state espionage, and inevitable vulnerabilities. Implementing third party risk management solutions is a primary tool for minimizing security threats.

“There is an inherent social engineering advantage with the novelty of any new technology,” wrote Bell. “In the metaverse, fraud and phishing attacks targeting your identity could come from a familiar face – literally – like an avatar who impersonates your coworker, instead of a misleading domain name or email address. These types of threats could be deal breakers for enterprises if we don’t act now.”

With this, Bell underscored the importance of the early days of the metaverse in a blog post. According to him, the initial phase of the tech is the perfect time where “the security community must work together to build a foundation to safely work, shop and play.” He also said that the solution we would need for the future of the metaverse would be the same set of solutions we are using to fight the security risks in the present world. 

“We’ve long known that security is a team sport, and no single vendor, product or technology can go it alone in protection,” said Bell. “The culture of information-sharing and collaboration in the defender community today has been a monumental achievement that did not happen overnight. Today ISPs, cloud providers, device manufacturers — even industry rivals in these markets — recognize the need to work together on security issues.”

Bell stated that there are some steps we can implement now to prepare for the upcoming battles in the metaverse, including multi-factor authentication and passwordless authentication. He also suggests using the recent techs of the multicloud arena to allow IT admins to control access to multiple cloud app experiences using just a single console. In the end, Bell pronounced that the concepts of transparency and interoperability are the keys to securing safety in the metaverse.

“Metaverse stakeholders should anticipate security questions and be prepared to jump on any updates,” he writes in the blog. “There must be clear and standard communication around terms of service, security features like where and how encryption is used, vulnerability reporting and updates. Transparency helps accelerate adoption — it speeds the learning process for security … Let’s make the lessons we’ve learned about identity, transparency and the security community’s powerful collaboration our top ideals to enable this next wave of technology to reach its full potential.”