Metaverse will face security threats as old as the web, says Microsoft exec

HoloLens (Image credit: Windows Central)

What you need to know

  • Microsoft's Charlie Bell discussed securing the metaverse in a recent blog post.
  • Bell highlights that the metaverse will face similar security threats to existing technology, including impersonation and data theft.
  • The executive calls for organizations to work together and to implement security policies now before the metaverse takes off.

The metaverse is the trending tech topic this year. Some say it's too early for the metaverse. Others say the term metaverse is just a rebranding of old technology. Regardless of which view is correct, organizations will adopt metaverse technologies over the next ten years. And with the advent of a new, or not so new, technology comes security risks.

Microsoft Executive Vice President, Security, Compliance, Identity, and Management Charlie Bell discussed those risks in a blog post. The exact method of attacks within the metaverse may differ to those seen through email or other current types of technology, but the general concepts will remain the same. Regardless of the medium, malicious actors will try to use deception and human error to gain access to information.

Trying to deceive people isn't new. Bell recalls the early days of email fraud as an example. Of course, email fraud and phishing schemes are still common today. Attacks in the metaverse will use different entry points, but they'll look familiar.

"There is an inherent social engineering advantage with the novelty of any new technology," said Bell. "In the metaverse, fraud and phishing attacks targeting your identity could come from a familiar face – literally – like an avatar who impersonates your coworker, instead of a misleading domain name or email address."

To combat threats in the metaverse, Bell encourages organizations to learn from the lessons of the past. "Organizations need to know that adopting metaverse-enabled apps and experiences won't upend their identity and access control," said Bell. "This means we have to make identity manageable for enterprises in this new world."

The executive encourages multi-factor authentication, passwordless authentication, and other security measures. Many of these are already in use, so IT admins should be familiar with them.

Bell concludes his post with a call to work together. Since there won't be a single metaverse platform, general security measures and policies will be important.

"The problems of yesterday's and today's Internet — impersonation, attempts to steal credentials, social engineering, nation state espionage, inevitable vulnerabilities — will be with us in the metaverse," said Bell. "And it will take the same security community of good faith, norms and teamwork to anticipate and respond to them."

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at