CIOInsider India Magazine

Social media platforms are infamous for making headlines on cyberbullying, stalking, online trafficking, child safety, privacy issues, among other terminologies. If these damages are done by merely deploying tools provided in messaging and other online platforms. Imagine the same in the metaverse, with suspicious individuals invading into someone’s personal space, given the haptic technology that they could make use of. The risks that follow with this technology are believed to feel more real, and currently, there’s competition over incorporating touch as an additional sensation in an immersive reality. Far worse, there are seldom safety measures to rely on during threatening situations. Although there is immense competition among companies in creating their versions of the metaverse, safety doesn't seem to be much in focus. However, Microsoft appears to be focusing on that aspect, clearly showcasing why it could be the first to finish the race in innovating a safe metaverse experience.

According to GlobalData's Social Media Thematic Scorecard, Microsoft is the market leader in data protection and ranks second overall when assessed by the ten themes that matter most to the social media sector. Meta is ranked 21st overall out of 35 firms on the scorecard, and its data privacy activities will have a significant negative impact on its future performance. Despite the fact that there is yet to be part of what a fully developed metaverse will look like, Microsoft now has the upper hand.

Focus on the Existing Capabilities
For starters Microsoft is concentrating on the current restricted skills. This can be clearly seen in its ‘Mesh’, the gateway to the metaverse, which can be used in smartphones and laptops.

Additionally, Microsoft believes that there should be some guidelines to ensure safety.

The tech giant’s executive vice president of security, compliance, identity and management, Charlie Bell, “fraud and phishing attacks targeting your identity could come from a familiar face – literally – like an avatar who impersonates your coworker, instead of a misleading domain name or email address”.

With Microsoft marketing an enterprise-focused metaverse interaction, dangers like phishing and identity theft are an urgent no-no, according to Bell, who feels it's critical to develop core interoperable security principles for metaverse experiences.

Identity is where intruders strike first
This is why figuring out one’s identity in the metaverse is a major priority. Organizations should be aware that implementing metaverse-enabled apps and experiences will not disrupt their identity and access management systems. This means that in this new world, identity must be manageable for businesses.

Making multi-factor authentication (MFA) and passwordless authentication inherent to platforms are examples of constructive measures. This can be seen in the recent multi cloud technologies, the ability for IT administrators to manage access to numerous cloud app experiences that their customers rely on from a single dashboard.

Transparency and interoperability will be key
Stakeholders in the Metaverse should anticipate security concerns and be ready to respond quickly to any upgrades. Terms of service, security features such as where and how encryption is utilized, vulnerability reporting, and upgrades must all be communicated in a clear and consistent manner.

Transparency aids adoption by shortening the learning curve for security.

Our strongest defense is working together
Security researchers, chief information security officers, and industry stakeholders have the same chance as adversaries to comprehend the metaverse's geography and use it to one’s advantage. Metaverse systems will almost certainly build and generate totally new data streams with the ability to improve authentication, spot suspicious or malicious activities, and even revisualize cybersecurity to aid human analysts in making quick decisions.

Bell acknowledges that the metaverse will arrive in "predictable and unexpected ways," and the preceding principles appear to offer a wide framework for approaching the metaverse.

As a result, features, tweaks, and ideas tend to flow back and forth between consumer and commercial experiences, and we can only hope that many of these ideas are being explored as well with Meta's approach to a consumer-centric metaverse experience, since capitalizing on a threat in either case leaves both experiences vulnerable.

It's vital for metaverse firms like Microsoft and Meta Platforms Inc., formerly known as Facebook, to develop new products with security and safety built in from the start, rather than slapped on later after problems arise. With applications ranging from games to entertainment to corporate meetings, developers and users of the program will need to figure out how to govern the metaverse, keeping out hackers, abuse, harassment, and unsuitable content. According to Bell, the software businesses will need to collaborate on identity interoperability, which would allow users to prove they are who they say they are across numerous metaverses, as well as other security tools and procedures. Failing to plan ahead may doom the new technology.

“We have one chance at the start of this era to establish specific, core security principles that foster trust and peace of mind for metaverse experiences. If we miss this opportunity, we’ll needlessly deter the adoption of technologies with great potential for improving accessibility, collaboration, and business,” said Bell.

How are Others Doing?
Governments and other stakeholders should consider human rights in the context of virtual and augmented reality, according to civil society organizations such as Access Now and the EFF.

The regulations, enforcement, and overall moderating processes that platforms employ are another key area that can be improved.

Many businesses, academics, civil society professionals, and regulators are lobbying for new rules and regulations to make activities that are illegal in the physical world illegal in online places as well. Bumble, for example, is campaigning to make cyberflashing illegal. "If indecent exposure is a criminal on the streets, why isn't it on your phone or computer?" its CEO, Whitney Wolfe Herd, has questioned lawmakers.

Image-based sexual assault, in which private photographs are transmitted without agreement, is illegal in India, Canada, England, Pakistan, and Germany, according to human rights lawyer Akhila Kolisetty. Many countries lack legislation to address new types of digital exploitation such as ‘deepfakes’, in which a woman's face is placed on a porn film and then uploaded on social media sites.