Page 34 - February #178
P. 34

RLI RETAIL INSIGHT


                              Who is Looking After


                              the Metaverse?



                               The metaverse has well and truly made it into the cultural zeitgeist,
                               but who is coding it? Who is managing it? In this article, Emmanuel
                               Benzaquen, CEO of Checkmarx sets about answering these questions
                               as well as explaining why you should care.


                    he next iteration of the internet, also known as web 3.0, is in full   The overwhelming cybersecurity concerns
                    swing. The idea is to make the next generation of the internet   As the metaverse follows a decentralised model, development
              Tmore immersive, interactive, decentralised and technologically   initiatives for such projects are not governed by any rules, oversight
              advanced for today’s digitally enabled communities. At the very centre   agencies, or security procedures. It is the exclusive responsibility of the
              of this web 3.0 transformation, is the metaverse.     platform’s creators to safeguard users’ personal information.
                It has been hailed as the next frontier for cyber security experts, this   This implies that top executives and other project managers
              new-gen technology has transformed into a multi-billion-dollar industry.  usually have no obligation to discuss the internal information of the
                Although the metaverse is full of promise, there are understandable   development team. Who is responsible for writing the code for these
              concerns about its security. Most current security solutions and   applications? What entity is in charge of safety measures? Who exactly is
              technologies were not developed with decentralised applications in   making sure that everyone follows the rules? These questions are often
              mind. Therefore, standard measures, such as endpoint security, multi-  left unanswered in this space.
              factor authentication, or network firewalls, will not be enough to   These anonymous  aspects create a lack of  accountability for such
              protect this domain.                                  platforms. Who develops the open-source code and the APIs that so many
                Given the unorthodox features of the metaverse, such systems need a   businesses will utilise to create new apps and new areas in the metaverse?
              deep layer of embedded application security. However, to comprehend   Without answering these questions, we can’t ensure compliance.
              the critical need for application security (AppSec) in the metaverse, we   With so many security concerns, these interactive virtual worlds
              must first identify the unique traits and features of this next-generation   are the perfect hunting ground for cybercriminals. In fact, metaverse
              virtual technology.                                   companies reported a 60 per cent increase in cyber-attacks and an 85
                                                                    per cent increase in online fraud last year.
              How much do we really know about the metaverse?
                The metaverse can be defined as an interconnected set of 3D virtual   Can AppSec be the new landscape for metaverse security?
              worlds that facilitate interactive media environments. The goal of such   To make these next-gen virtual worlds a secure and safe space for
              platforms  is  to  build  digital  environments  where  people  can  engage   users, developers and project leaders must emphasise security at the core
              naturally, just as they would in the real world. As an extended integration   application level. Organisations that are venturing into this space should
              of Virtual Reality (VR) and Augmented Reality (AR), there are endless   focus on developing their metaverse platform as a secure application,
              possibilities whether it’s interacting with one another, buying products,   rather than trying to integrate security measures after development.
              attending social or community events, investing in assets, creating and   This is where AppSec comes in. Executives and project leaders
              selling art, or just meeting new friends.             must incorporate solutions that can find, fix and prevent security
                According to recent reports, there are over 400 million active   vulnerabilities in the source-code – and even solutions that can verify the
              monthly users in different metaverse platforms today, with market size   trustworthiness of contributors to coding projects. AppSec solutions
              being valued at over $40bn in 2022. And this will only continue to grow,   can incorporate effective security policies throughout the development
              as more brands and artists are heavily promoting this concept.  life cycle so that any potential vulnerabilities are identified and remedied
                So,  the  future  of  this  innovative  and  engaging  technology  is  full  of   during the production phase.
              excitement for sure, but what about its security?       Automated AppSec solutions can scan codes in real-time as developers
                                                                    are writing them and remediate potential software vulnerabilities during
              Is our data safe in the metaverse?                    development, meaning that metaverse platforms come out of the
                As the number of users grows, so too will the number of potential   production phase with built-in security measures that reduce the risks
              threats. When users join such virtual environments, they reveal not only   of conventional threats such as data exfiltration and identity theft.
              their identities but also highly sensitive network data such as their IP   It will be years until the metaverse is perfected but in the meantime,
              addresses. Even more so, when these platforms are used to facilitate   project leaders and executives must not forget their security
              financial transactions, users are often required to provide sensitive   responsibilities. A secure platform builds more credibility in the industry
              financial information.                                and extends the user base. That’s why application security should be at
                The purpose of metaverse platforms is to facilitate frictionless and   the heart of every metaverse project going forward.
              engaging experiences. Therefore, traditional payment mechanisms requiring
              centralised entities (like banks) are irrelevant in such environments.
                When making a purchase in the metaverse, would you be willing to
              take off your VR headgear and reach out to your smartphone every
              time to verify a transaction? This is anything but immersive. This is why
              many of these virtual marketplaces accept cryptocurrency and other
              decentralised assets for payment.
                This is concerning because such transactions require users to share
              their private wallet details. Moreover, there’s often no feature to
              determine or authenticate the true identity of the receiver of the funds.
              So, it’s evident that financial data plays an integral role in this space and
              should be a subject of significant consideration during development.



              34 RETAIL & LEISURE INTERNATIONAL FEBRUARY 2023
   29   30   31   32   33   34   35   36   37   38   39