Tenable Study: Organizations See Expansion Opportunities, Ignore Security Red Flags and Jump Into the Metaverse
December 2022 by Tenable
Tenable® published the results of a global study that revealed that cybersecurity is the top consideration as businesses decide on investing in the metaverse. In fact, even in a challenging global economy, concerns about macroeconomic conditions trailed behind cybersecurity worries. This sentiment underscores the rising criticality of cybersecurity in a digital economy to ensure it is a safe and secure environment for users.
The study, “Measure Twice, Cut Once: Meta-curious Organizations Relay Security Concerns Even as They Plunge Into Virtual Worlds,” surveyed 1,500 IT, cybersecurity and DevOps professionals in Australia, the U.K. and U.S. The study examines how organizations are approaching the opportunities and challenges associated with building, securing and participating in the metaverse, as well as offering insights into the risks and rewards of investing in this new technology.
While still in its relative infancy, organizations have begun to explore the metaverse and its capabilities. In fact 23% of organizations have already ventured into the metaverse, and 58% plan to conduct business in the metaverse within the next year.
Less than half of respondents feel very confident in their ability to curb threats in this new environment, the metaverse poses both new and legacy cybersecurity risks and challenges. According to survey respondents, threats that are either “somewhat” or “very” likely to take place in the metaverse include:
● Conventional phishing, malware and ransomware attacks (81%)
● Compromised machine identities and API transactions (84%)
● Cloning of voice and facial features and hijacking video recordings using Avatars (79%)
● Invisible-avatar eavesdropping or ’man in the room’ attacks (78%)
In addition to the cybersecurity threats, respondents identified several major barriers to entry, including the prospect of security breaches and identity theft (34%), the lack of a clear process for data privacy (33%) and the lack of experienced security professionals to secure the metaverse (32%).
“As with any new business opportunity, first movers have the advantage and the risk,” said Bob Huber, chief security officer and head of research, Tenable. “The foundation of the cybersecurity program must be solid before making a big leap into largely unknown territory and drastically expanding your attack surface. Forward- thinking organizations that take the time and make wise investments in their security personnel and the security and integrity of their infrastructure are more likely to be successful in the metaverse or any other technology investment.”
Other key findings from the report include:
● 87% of respondents are in favor of regulating the metaverse.
● Nine in 10 respondents agree that organizations need to adequately develop a cybersecurity framework prior to offering services in such a virtual environment.
● More than half (55%) of respondents said their organization will need to invest in training their current employees about safe cybersecurity practices to support their investment in the metaverse.
● When asked about the skills required for the metaverse, respondents cited UI/UX designing, 3D modeling, blockchain and gaming development, cybersecurity and software development as important development areas.