Metaverse, blockchain and cybersecurity: opportunities and dilemmas to be addressed a.s.a.p.

Recent innovations have emerged, namely, the metaverse, the massive use of blockchain, Web3 or digital identity, opening up hitherto unfeasible opportunities, as described by the 2022 ‘Megatrends’ report. Major new challenges are emerging too, particularly in the field of cybersecurity. On International Internet Day we address these challenges with world-class experts.

Stephen Wilson, data protection leader at Lockstep Consulting; Cristina Dolan, Global Head of Alliances Global and expert in cybersecurity, and Macarena Estevez, data scientist focused on AI and metaverse at Deloitte, help us with some of the big questions emerging in these new environments. What are the big challenges to be addressed in the new Internet?

“The metaverse,” Macarena Estévez tells us, “is the universe of data.” According to this metaverse expert, there is no doubt that the synthesis between virtual, augmented, and mixed reality will soon lead to more environments of this type. And because everything will be recorded in them, a big data and artificial intelligence analysis will distill useful insights out of them.

However, “we still don’t know what the metaverse will look like”. This is Steve Wilson speaking. The latest Megatrends report agrees on this point: we don’t know for sure what the metaverse is or what it will mean, but if there is one thing we know for sure, it is that we want to be there.

Given this context, Steve Wilson stresses the importance of data reliability: “We must anticipate and design a metaverse—Web3—in which data about people and things are radically more reliable than in the current Web1&2″.

Macarena Estévez sees the difficulty “of a consensus-driven, somehow global approach” to the “duality between centralization—Meta, Fortnite—and decentralization—Decentraland, Sandbox—as the biggest barrier to the metaverse “, whereas Steve Wilson is clear that “any decentralization in a metaverse hosted by data companies will be just for show.”

The very fact that experts disagree on how to anticipate the future of the metaverse is a key starting point: the metaverse is not yet defined, nor are its rules in place. What, then, about its security?

This increases the area of exposure to risk

On International Internet Day, Cristina Dolan introduces a very interesting concept about cybersecurity risk: the exposure surface or attack surface. It basically refers to anything susceptible of an attack or vulnerability. As “the complexity of the infrastructure increases”, so does “the attack surface of these growing networks”. Thus, the risk of cyberattack and the complexity of successfully executing cybersecurity balloons.

If one system has exposure surface A, and another has exposure surface B, combining them will result in surface C. The problem? C will be greater than the sum of A plus B. That’s because complexity entails risk, one “more immediate to communities than environmental risks,” which aren’t exactly just anything.

“Humans cause 95% of cybersecurity breaches,” stresses Cristina Dolan, and Steve Wilson points out that “we have to introduce users—especially the most vulnerable ones—very gently to the new augmented and virtual realities”.

In the eyes of our expert, it is also necessary to “rethink identity” in order to have “properly reliable data supply chains“. Without full traceability of this chain, users will be vulnerable.

More exposure area, new digital tools

As the area of exposure of organizations, projects, tools and programs grows, “the hope is that the focus on cybersecurity will grow,” continues Cristina Dolan. In fact, artificial intelligence tools are already being used. Without them, it would be impossible to “patrol” the entire digital perimeter of organizations.

Although not a perfect analogy, this security perimeter can be visualized as a physical perimeter not unlike the ancient walls that protected fortresses and villages. As these grew, so did their area and, with it, the risk of attack or vulnerability rose in proportion.

Without AI and automation, defending all vulnerable points is no longer viable. As Cristina Dolan summarizes, “the complexity of the threats far exceeds the capabilities of a few tired analysts staring at a screen.”

Along these lines, the latest Megatrends report warns that weaving security networks strong enough to articulate systems that protect the user is not an easy task. But it is absolutely necessary. And International Internet Day is the perfect time to remind you of it.

How are the metaverse and its security regulated?

Cristina Dolan points out that, with the acceleration of ‘digital’ due to the pandemic, “awareness of cybersecurity risks has increased”. However, digital education, while important, cannot be the basis for cybersecurity in the metaverse and other environments. There is an urgent need to establish minimum regulation that brings security to users, by default.

As the Bankinter Innovation Foundation’s Megatrends report reminds us, when we talk about the metaverse we are not talking about a video game or a virtual world that will only be accessed by a few gamers and fans. We are talking about the natural evolution of the Internet. And in this process, cybersecurity will be key. In this regard, one should ponder what laws will govern the metaverse and which agencies will be responsible for their implementation and control, how the large amounts of user-generated data will be stored or for what purposes they will be used.

“We could make all personal data and all ‘identity data’ as secure as cards if we treated digital identity as another form of data,” says Steve Wilson, drawing a comparison between digital identity in virtualized environments and the familiar bank cards and their remarkable security through standardization. But how could the basic cybersecurity of the metaverse be standardized?

To do so, it is necessary to understand what the risks are, among which Cristina Dolan highlights the following:

– Loss of access due to loss or theft of cryptographic keys.

– The lack of regulatory transparency as applied by some blockchain networks with anti-money laundering (AML), know your customer (KYC) or know your transaction (KYT).

– Identity verification, the theft of which can be complex.

– Fraud and lost digital assets.

DAOs, decentralized autonomous organizations to comply with new laws?

DAOs (Decentralized Autonomous Organizations) are, in the words of Macarena Estevez, a new form of organization. When asked if DAOs can help to comply with the law, she replies that “we could speak of DAOs as organizations that constitute a new type of company”, just like privately owned companies or cooperatives.

Their protocols are executed automatically when certain conditions are met, although they do not necessarily have to be legally programmed. Moreover, the anonymity of certain blockchain protocols could even “make it impossible to identify the person or company behind the project”. These are not trivial matters.

Moreover, it is important to note that many of these environments will require new laws, and stricter application of existing, currently dispersed laws. For example, identity theft is highly regulated, but the tools for effective reporting in digital media is still very basic, even more so in spaces such as the metaverse.

Web3, the metaverse and these digital environments represent enormous opportunities and areas of work. They already attract investment and arouse curiosity to turn them into human spaces for exchange. A new forum as were the web pages in Web1 or the social networks in Web2.

None of these innovations was risk-free and neither will the new web be. That is why, with reports such as Megatrends, from the Bankinter Innovation Foundation, we seek to project possibilities and anticipate problems before they arise, announcing the challenges of the new technology. These and other trends in innovation with a great potential impact on people’s lives will continue to be the subject of analysis for Megatrends.