Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

What Happens When the Metaverse Enters Your Attack Surface?

cybersecurity in the metaverse: top 4 worries for 1,500 cybersecurity, IT and DevSecOps pros

Tenable polled 1,500 cybersecurity, IT and DevOps professionals about their top concerns in the nascent virtual reality worlds of the metaverse. Here's what we found out.

Here at Tenable, we often discuss the challenges faced by cybersecurity professionals as they grapple with protecting an ever-expanding attack surface that includes on-premises infrastructure as well as public and private clouds, identity and privilege management systems and web applications. Soon to be added to that mix: the metaverse.

It’s easy to think of “the metaverse” as one monolithic online world of virtual reality (VR) and augmented reality (AR) experiences. But such framing couldn’t be farther from the truth. The company formerly known as Facebook, which has rebranded itself as Meta, is just one of many organizations exploring the potential of the metaverse. There is the opportunity for unlimited metaverse instances to be built by various platform developers and vendors. The metaverse is calculated by Bloomberg to be an $800 billion market as early as 2024, driven by video gaming, live entertainment and sports content and social networking opportunities.

While that’s exciting news for businesses looking for creative and groundbreaking ways to engage customers online, it’s also alarming to those whose primary role is to keep organizations secure.

To fully understand how prepared organizations are to either create their own metaverse initiatives or participate in the worlds created by others, Tenable conducted an in-depth study across Australia, the United Kingdom and the United States. The study, “Measure Twice, Cut Once: Meta-curious Organizations Relay Cybersecurity Concerns Even as They Plunge Into Virtual Worlds,” was conducted by Opinion Matters on behalf of Tenable and surveyed 1,500 professionals representing roles in cybersecurity, DevOps and IT engineering.

Almost seven in 10 (68%) respondents stated that their organizations have plans to do business in the metaverse over the course of the next six to 36 months. A further 23% of all respondents have already begun developing initiatives in the metaverse in the past six months. Yet, many organizations are seriously concerned about the security associated with virtually hosted applications; four in 10 respondents (41%) indicated that security is the top consideration — even more than macroeconomic conditions — affecting their organization’s metaverse investment decisions.

Although many of the emerging technologies being used to access the metaverse (such as AR, VR and artificial intelligence) are familiar to security professionals today, the ability to secure them while operating in a shared virtual environment is not assured. Only 48% of respondents are very confident that existing cybersecurity measures in their organizations are sufficient to curb cyberthreats in the metaverse. Nine in 10 respondents agree that organizations need to adequately develop a cybersecurity framework prior to offering services in such a virtual environment.

Four key areas of cybersecurity concern

Respondents cited the following cybersecurity concerns about doing business in the metaverse:

  1. Cloning of voice and facial features and hijacking video recordings using avatars. The vast majority of respondents (79%) say it is very likely or somewhat likely that the cloning of voice and facial features and the hijacking of video recordings using avatars will occur in the metaverse.
  2. Invisible-avatar eavesdropping or 'man in the room' attacks. Vulnerabilities in VR software could open the door to “peeping Tom” scenarios, with (78%) of respondents saying such attacks are very likely or somewhat likely.
  3. Conventional phishing, malware and ransomware attacks. The same cyberthreats that organizations currently contend with will also carry into various metaverses. The vast majority of respondents (81%) say it is likely or somewhat likely that conventional phishing, malware and ransomware attacks might occur in the metaverse.
  4. Compromised machine identities and application programming interface (API) transactions. Almost four in five respondents (78%) think it is very likely or somewhat likely that compromised machine identities and API transactions might occur across metaverses.

Learn more

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Promotional pricing extended until February 28th.
Buy a multi-year license and save more.

Add Support and Training