Treading Sensibly - Not Blindly - Into the Metaverse
Originally published by KPMG here.
Written by David Ferbrache, Leadership, Global Head of Cyber Futures, KPMG in the UK.
The metaverse is here. Organizations have the opportunity to leverage the metaverse to engage with customers and to experiment sooner, rather than later, to create a competitive advantage. Bold predictions already suggest that hundreds of millions of virtual reality devices could be in use globally within the next 5 years as eager consumers flock to the virtual worlds (PDF 4.60 MB).
The metaverse’s immersive environment is already bringing people together in remarkable new ways. Digital avatars and identities are transforming activities such as socializing, shopping, gaming, fitness, education, work, training and entertainment. And as consumers dedicate more time — and money — to virtual worlds, different brands and products are expanding to cater to this new reality. The metaverse marketplace is projected to exceed US$783 billion by 20241. The World Economic Forum is committed to helping define and build an open and inclusive metaverse. And as the world’s leaders meet in Davos, discussions on the possibilities of the metaverse are on the agenda.
In this expanded universe of virtual and augmented realities, there is the potential to capture massive amounts of biometric data and detailed behavioral profiles of every user, not least through their interactions with increasingly sophisticated artificial intelligence and machine learning systems. The proliferation of digital avatars and devices is already unleashing a new level of privacy and identity theft risks, and I believe these game changing capabilities present challenges that warrant serious attention by regulators and organizations.
Until now, access to online channels has typically required no more than usernames and passwords to make desired connections. In the metaverse, complex biometrics could fall into the wrong hands as eliciting key security information through immersive interactions becomes even more straightforward than social engineering in the real world. Identity theft is a genuine concern complicating the investigation of crimes in both real and virtual worlds.
Given metaverse technology’s vast potential to interact with users, capture data, communicate and influence, there remains a notable lack of standards to adequately protect users. This is in part, a reflection of the general lack of industry-wide standards underpinning the development of metaverse architecture itself.
A Troubling Lack of Standards Needs to be Addressed
A major challenge related to metaverse standards lies in the development path it has taken when compared to the internet. The internet was born in a relatively open environment, its standards evolving over time as it expanded from its origins in academia. The process provided transparency over standards being adopted — the multi-stakeholder governance model we see today, and a societal debate over many aspects of our interactions with it.
The slow emergence of metaverse standards, however, has been proprietary, featuring a relatively closed environment and a lack of scrutiny regarding appropriate use, risks and rules. This development path raises the question of how the user community — as well as businesses and regulators — can develop much needed interconnection and data-management standards within an open, public and transparent environment.
By the time you take a brief walk along a virtual city road to browse the storefronts, for example, the metaverse technology could have already identified your preferred brands, shopping behavior, favorite color and much more. We need to be asking ourselves important questions about how to protect users regarding privacy and identity theft as well as the unethical manipulation of consumer behavior.
With social engineering being the biggest root cause of today's cyber-attacks, the metaverse presents an easier opportunity for attackers to launch sophisticated, persuasive and immersive social engineering attacks. I also expect many crimes in the real world to find new and surprising parallels in the metaverse.
Businesses Can Show Leadership on Managing the Metaverse
Ultimately, how do we define acceptable social and regulatory standards of behavior within the metaverse’s unique environment? It’s a pressing challenge that represents a critical need for broad and immediate public debate.
It’s worth noting that social media regulation is just beginning to catch up to the rapid explosion of its channels and capabilities. While the metaverse is poised to take off amid the proliferation of new capabilities and growing public awareness of the virtual future, the journey to effectively manage the metaverse has yet to truly begin.
A co-regulation approach could foster both public debate and collaborative ‘sandbox-style’ initiatives between private industry and government in order to develop appropriate regulatory models. Public dialogue is already heating up regarding the use and protection of online consumer data as cyber threats and headline-making attacks grow increasingly sophisticated. However, these challenges only increase in the metaverse with its unprecedented capabilities to collect and analyze biometric user data.
With the monetization of the metaverse still to come, I believe the business community should seek to play a leadership role in driving the dialogue on managing this new and unusual space. Exploring and implementing appropriate guidelines can serve not only the public interest, but also the interests of businesses as they seek to protect their reputation and increase their brand power as well as securing their intellectual property.
I believe that smart businesses will see the opportunity to take the lead on consumer protection while also leveraging the meaverse to engage with customers and ultimately differentiate themselves in the global marketplace. Amid endless new possibilities to engage in virtual worlds, there is no time to lose on the indispensable need to drive dialogue — and action — toward a broad-ranging, well informed framework that truly protects consumers and organization's brands and IP for today and tomorrow.
So, tread sensibly and take those first steps wih confidence.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.