{"id":46458,"date":"2022-11-30T03:33:23","date_gmt":"2022-11-30T08:33:23","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=46458"},"modified":"2022-11-30T08:31:39","modified_gmt":"2022-11-30T13:31:39","slug":"cyber-futurism-victoria-baines","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/cyber-futurism-victoria-baines\/46458\/","title":{"rendered":"How business can use cyber futurism to see what comes next"},"content":{"rendered":"<p>With new technologies like the metaverse arriving regularly, how can business leaders and cybersecurity professionals know what new threats to expect? Futurism \u2013 analyzing future scenarios to inform today\u2019s decision-making \u2013 is one way.<\/p>\n<div id=\"attachment_46460\" style=\"width: 310px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-46460\" class=\"size-medium wp-image-46460\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2022\/11\/30025702\/victoria_baines-300x200.jpg\" alt=\"victoria baines\" width=\"300\" height=\"200\"><p id=\"caption-attachment-46460\" class=\"wp-caption-text\">Victoria Baines, professor at Gresham College<\/p><\/div>\n<p>Victoria Baines is professor of information technology at UK\u2019s Gresham College and a former Facebook executive and Europol officer. She uses future scenarios to understand technology today and how we should prepare for threats to come. We chat about what these scenarios reveal about our world today, what might happen with new technologies like the metaverse and what business can do to keep users safe.<\/p>\n\t\t\t\t\t<div class=\"c-promo-post\">\n\t\t\t\t\t\t<div class=\"o-row\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"o-col-12@sm\">\n\t\t\t\t\t\t\t<article class=\"c-card c-card--link c-card--hor@xs c-card--small@xs\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__figure c-card__figure--small@xs c-card__figure--medium@sm\">\n\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/get-ahead-metaverse-security\/46191\/\" class=\"c-card__figure-link\">\n\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2022\/11\/16020700\/339_data_security_metaverse-500x500.jpg\" class=\"attachment-card-default size-card-default wp-post-image\" alt=\"data security metaverse\" data-src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2022\/11\/16020700\/339_data_security_metaverse-500x500.jpg\" data-srcset=\"\" srcset=\"\">\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__body  \">\n\t\t\t\t\t\t\t\t\t<header class=\"c-card__header\">\n\t\t\t\t\t\t\t\t\t\t<p class=\"c-card__headline\">Related article<\/p>\n\t\t\t\t\t\t\t\t\t\t<h3 class=\"c-card__title \">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/get-ahead-metaverse-security\/46191\/\" class=\"c-card__link\" target=\"_blank\" rel=\"noopener nofollow\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span>Why brands must get ahead on metaverse privacy and security<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<svg class=\"o-icon o-svg-icon o-svg-right\"><use xmlns:xlink=\"http:\/\/www.w3.org\/1999\/xlink\" xlink:href=\"https:\/\/www.kaspersky.com\/blog\/wp-content\/plugins\/kaspersky-emagazine\/assets\/sprite\/icons.svg#icon-arrow-long\"><\/use><\/svg>\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t<\/h3>\n\t\t\t\t\t\t\t\t\t<\/header>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__desc \">\n\t\t\t\t\t\t\t\t\t\t\t<p>Tech experts and brands see the metaverse bringing a new level of immersive consumer experience. But it also brings tough security and privacy challenges.<\/p>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<footer class=\"c-card__footer\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__list\">\n\t\t\t\t\t\t\t\t\t\t\t<ul class=\"c-list-labels js-has-reading-time\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"c-list-labels__link\" href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/category\/digital-transformation\/\" target=\"_blank\" rel=\"noopener nofollow\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span>Digital transformation<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li><span class=\"js-reading-time\"><\/span> min read<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"u-hidden js-reading-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\tWhile there's much buzz around the metaverse, few conversations focus on its security, privacy and safety. But these challenges may be even bigger in this emerging space than in the rest of the digital world.\r\n\r\nI spoke with several experts who agree organizations wanting to embrace this new medium must think about the challenges now \u2013 not when the metaverse gains full steam.\r\nWhat is the metaverse?\r\nThe metaverse is an immersive three-dimensional world where people engage in social and commercial activities through digital avatars. Users can access it on many kinds of connected devices, but it's most immersive when used with a virtual reality (VR) headset. There are many metaverses, including that being developed by Meta, formerly Facebook, Horizon Worlds.\r\n\r\nSome call it the future of the internet. In this metaverse future, our physical and virtual spaces and lives may converge seamlessly. It could create a common place to work, shop and socialize.\r\n\r\n\r\n\r\nSome put this future closer than we might think. Global analysts Gartner predict 25 percent of people will spend at least one hour in the metaverse by 2026. Market Research Future says the metaverse market will grow by 45 percent annually until 2030. By contrast, they expect the Internet of Things (IoT) to grow by just 26 percent each year.\r\nLittle focus on metaverse security and safety\r\n\"The metaverse's attack surface [possible entry points for malicious actors] is bigger, and it's also a new technology space,\" says Nick Donarski, co-founder and chief technology officer at blockchain company ORE System. \"Developers don't have the experience, technical resources and exposure for long-term understanding of its security and how it applies to organizations.\"\r\n\r\nAl Pascual, senior vice president of enterprise risk solutions at identity security provider Sontiq, thinks we can easily get 'ahead of our skis' when it comes to security. \"We invent new ways to give people experiences and products using old security paradigms and have to clean up the mess later,\" he says. \"We must think about security before we start deploying the metaverse to everyone.\"\r\nSecuring the 'Wild West'\r\n\"The metaverse is like the Wild West right now. There aren't even any standards yet,\" says Aarti Dhapte, senior research analyst at Market Research Future and an author of its metaverse market forecast reports. \"You can't even regulate it well because everybody doesn't define the metaverse the same way.\"\r\n\r\nGartner defines the metaverse as \"a collective virtual space created by the convergence of virtually enhanced physical and digital reality\" that's \"device-independent and not owned by a single vendor\" with \"an independent virtual currency.\" Other definitions include fully immersive experiences, a three-dimensional overlay on the physical world and a persistent collection of universes we can traverse with digital identities and assets.\r\n\r\nDespite its early stage, many security experts expect the metaverse will see familiar security threats: Social engineering, phishing, identity theft and more.\r\n\r\n\"Cybercriminals' methods are rarely new. More often, they use the same methods in a new channel,\" says Pascual, whose fraud prevention career includes working for global banks.\r\n\r\n\r\nAdding blockchain to the mix\r\nMany think blockchain will play a central role in the metaverse because of the need to decentralize the space and enable the various worlds within it to interoperate. Cryptocurrency, which uses blockchain, is the natural candidate for metaverse ecommerce. The metaverse could use smart contracts \u2013 digital transactions stored on blockchain that self-execute under certain conditions \u2013 to implement rules.\r\n\r\nAlso a new technology, blockchain adds complexity and security challenges to the metaverse. And while many think its immutability makes it more secure, recent attacks on blockchain highlight its security shortcomings.\r\n\r\nVirtual currencies, whether cryptocurrency or non-fungible tokens (NFTs,) are also hard to navigate, especially for a big metaverse user group \u2013 children. \"It's risky for kids and teens to understand handling virtual money in all forms and can lead to big losses,\" Dhapte says.\r\nPeople still the weakest link\r\nMalicious actors most often use people manipulation to attack. For example, Verizon's 2022 Data Breach Investigations Report says 82 percent of data breaches involve a human element. The metaverse's human element is similarly exploitable.\r\n\r\n\r\n\r\nThe metaverse will also magnify data privacy concerns. Artur Kane, vice president at secure remote access company GoodAccess, says that since the metaverse is a \"world attacking even more of our senses,\" tech giants can use it to make more money with better-targeted advertising. That means tracking even more of our behavior online.\r\n\r\n\"We give away much more information in the metaverse,\" says Kane, a frequent privacy speaker at industry events. \"Companies can learn much about us \u2013 like race, sexual interest, potential health issues.\"\r\n\r\nHe mentions recent research showing how attackers could exploit hardware and application weaknesses to violate privacy. They set up a benign-looking VR escape room game and inferred many participants' attributes, from height to age to location, with high accuracy using just minutes of gameplay.\r\nRegulation far behind\r\nLagging data privacy and security regulation adds to the metaverse's Wild West feel. \"We're giving away so much more data than we realize,\" says Kane. \"There's huge potential for data breaches and leaks in a new environment where legislation doesn't restrict much.\"\r\n\r\nBlockchain regulation is also lacking, which Dhapte thinks could mean greater chance of fraud. \"Since various countries don't have fixed regulations for blockchain, tracking fraudulent activities would be a real challenge for governments.\"\r\nUser risks in immersive environments\r\nThe metaverse is a rich playground for abuse \u2013 from sexual harassment to virtual assaults. \"Any vulnerable group, especially children, faces higher risk as non-consensual contact and communication might be more intrusive and targeted, given how immersive the experience is,\" Kane says.\r\n\r\nA survey by global think tank Wunderman Thompson Intelligence found 66 percent of parents familiar with the metaverse have child safety concerns. Fears are not unfounded \u2013 one media investigation found behaviors like racist comments and sexually explicit content directed at children.\r\n\r\nPascual of Sontiq says metaverse participants exchange little of monetary value today, \"But in ten to 20 years, the potential for financial transactions is huge, especially as digital properties gain value. Thefts will become more meaningful.\"\r\n\r\nIn the meantime, users still risk fraud. Pascual says scams draw kids looking for cryptocurrency and virtual swag. \"We've seen evidence of predators targeting children in open worlds like Roblox. Parental oversight, education and control on who children can engage with and what they can see will be key.\"\r\n\r\nAn investigation as part of Tomorrow Unlocked's hacker:HUNTER video series found rife hacking in children's games like Roblox, for example stealing hard-won digital items. These hacks had considerable impact on the child gamers.\r\n\r\n\r\n\r\nIt's harder for parents to monitor children consuming content using VR headsets because they can't look over kids' shoulders as with a computer or phone. That gives brands launching metaverse experiences a greater responsibility to protect users.\r\nProtecting business in the metaverse\r\nFor teams responsible for metaverse experiences, security experts like Pascual emphasize the need for moderation. He sees danger for brands in platforms ineffectively moderated. \"Brand trust will be critical, so there's a need for moderation, including monitoring to ensure brands aren't easily imitated,\" he says.\r\n\r\nModeration may not be easy. Tech giant Meta's chief technical officer said moderating user behavior \"at any meaningful scale is practically impossible.\" Still, some experts think self-scrutiny by brands, alongside industry collaboration, will be a business imperative in the metaverse.\r\n\r\nThe good news is security concepts are roughly the same in the metaverse, according to Donarski of ORE Systems. \"The fundamental security practices carry over because the architecture is the same. It still runs on a server, you have databases on the backend, user and password management, and so on.\"\r\n\r\nIt may take a while, but the metaverse will likely become a reality. Companies must consider security and privacy before that reality takes shape \u2013 whichever version of the metaverse unfolds.\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/footer>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/article>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\n<p><strong>Gemma: What does it mean to explore the future of cybersecurity through scenarios?<\/strong><\/p>\n<p>Victoria: Scenarios are not predictions, but if you do them right, they tell you as much about your situation now as what might happen in future.<\/p>\n<p>It\u2019s not just threats \u2013 it\u2019s how the world\u2019s changed, and what the tipping points may be. The pandemic was a tipping point for remote and hybrid working, but many find hybrid work just means doing all the things, all the time \u2013 the expectation they\u2019ll be available constantly for online and physical meetings. We\u2019d been working up to that for a long time. Reliance on email was a compelling signal we needed to find something better, quieter, with less churn.<\/p>\n<p>I think we\u2019ll see something like that with the metaverse. We\u2019ve now got the ultimate business case for it because Zoom and Teams aren\u2019t enough to feel like we\u2019re really working with people \u2013 we\u2019re still just on a call. Futures methodology is as much about exploring our present and spotting things in the past.<\/p>\n<blockquote><p>Cybersecurity futures reports always say, \u2018Next year we\u2019ll see more ransomware, more supply chain attacks,\u2019 same as the previous year. We need something more imaginative. It\u2019s bigger than more threats \u2013 society is changing, and we need to plan for that.<\/p>\n<\/blockquote>\n<p><strong>What have you found out about the metaverse through your cyber futures work?<\/strong><\/p>\n<p>Although there\u2019s <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/how-to-spot-hype\/36171\/\" target=\"_blank\" rel=\"noopener nofollow\">hype<\/a> and uncertainty around the metaverse, we have certainties about how it will develop. For example, Apple will probably bring out, or at least announce, a mixed-reality headset next year. However expensive, people want to use whatever Apple brings out. So we\u2019ll see people wanting Apple\u2019s mixed-reality headset in a way they haven\u2019t wanted other virtual reality (VR) headsets like Hololens or Oculus. This will significantly speed up metaverse adoption.<\/p>\n<p>The metaverse is less of a tipping point and more of an evolution. Roblox, Fortnight and Second Life are already metaverses. They use the feeling of presence and co-presence, and there\u2019s old research on this \u2013 academics like <a href=\"http:\/\/www.melslater.me\/\" target=\"_blank\" rel=\"noopener nofollow\">Mel Slater<\/a> and <a href=\"https:\/\/www.oii.ox.ac.uk\/people\/profiles\/ralph-schroeder\/\" target=\"_blank\" rel=\"noopener nofollow\">Ralph Schroder<\/a> showed us that being together virtually is emotional \u2013 it brings about positive reinforcement.<\/p>\n<p>We\u2019ll need AI-powered synthetic individuals to bump into in online social spaces because we need to feel like we\u2019re interacting with people \u2013 shaking hands, having sex and so on. We\u2019ll probably need 6G to power and connect all that technology, particularly if we want to use it when out and about.<\/p>\n<p><strong>What security implications have you identified in the metaverse?<\/strong><\/p>\n<p>Nothing\u2019s 100 percent secure \u2013 we must assume there\u2019ll be technical and human vulnerabilities in every aspect of VR, augmented reality (AR) and other metaverse-enabling technologies.<\/p>\n<p>In these scenarios, we look at all those vulnerabilities. We have signals already, like the panic around \u2018<a href=\"https:\/\/en.wikipedia.org\/wiki\/Zoombombing\" target=\"_blank\" rel=\"noopener nofollow\">zoombombing<\/a>\u2018 \u2013 hackers interrupting video conferencing with obscene and violent material. It happened because people shared their passwords on the open internet. We needn\u2019t panic \u2013 basic security measures would deal with it. But it shows that exploitation and infiltration will also play out in VR and AR.<\/p>\n<p><strong>Are there new cyberthreats for the metaverse and related immersive technologies, or is it the same threats in new spaces and technologies? <\/strong><\/p>\n<p>Much of it comes back to basic digital hygiene like patching, updating, and installing antivirus software. Basic \u2018handwashing\u2019 can do much to prevent ransomware infections. In that way, the new stuff isn\u2019t new, but we haven\u2019t given it enough attention.<\/p>\n<blockquote><p>You can fall into the trap of thinking the metaverse will be uniquely immersive and people will be uniquely psychologically harmed. But they\u2019re experiencing this with existing technology \u2013 we\u2019ve underestimated the emotional impact of being hacked.<\/p>\n<\/blockquote>\n<p>We\u2019ve viewed online harm as less impactful \u2013 as it\u2019s not physical abuse, we treat it less seriously. With metaverse technologies, you can physically sense resistance and impact, which means opportunities for physical assault. That has an operational impact for information security and cybersecurity.<\/p>\n<p><strong>What implications do these threats have for cybersecurity leaders today?<\/strong><\/p>\n<p>Technical information and security aspects become more important in addressing psychological and physical harms in these connected spaces. <a href=\"https:\/\/www.healthcareitnews.com\/news\/cybersecurity-and-internet-things-dangers-and-solutions\" target=\"_blank\" rel=\"noopener nofollow\">Pacemaker interference with medical internet of things (IoT)<\/a> signals that. We already have people walking around with internet-connected medical devices like defibrillators, insulin pumps and continuous glucose monitors. If those don\u2019t function properly, and if somebody dies, the question of responsibility arises. If it hasn\u2019t already happened, Chief Information Security Officers will be asked, \u2018What did the data say about any interference with that pacemaker? Was the firmware up to date?\u2019<\/p>\n<p>We can see something similar playing out in the metaverse. Everyone will say it\u2019s someone else\u2019s responsibility \u2013 those who make the hardware will say it\u2019s the experience developer\u2019s responsibility, they\u2019ll say it\u2019s the user\u2019s responsibility, and so on. People used to thinking only about data security and network security must now consider users\u2019 physical safety.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Future scenarios may allow business to stay ahead of threats in emerging digital spaces like the metaverse, but they also illuminate today\u2019s world.<\/p>\n","protected":false},"author":2518,"featured_media":46459,"template":"","coauthors":[3504],"class_list":{"0":"post-46458","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-emerging-tech","7":"emagazine-category-leadership","8":"emagazine-category-safer-business","9":"emagazine-tag-augmented-reality","10":"emagazine-tag-metaverse","11":"emagazine-tag-virtual-reality"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/get-ahead-metaverse-security\/46191\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/get-ahead-metaverse-security\/27417\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/46458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2518"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/46459"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=46458"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=46458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}