A Safe Passage through the Metaverse

There are no boundaries in virtual reality. As the Metaverse expands rapidly, the associated issues of cybersecurity and virtual currency adoption have become hot topics.

The rise of the Metaverse is not only seeing tech giants scrambling to tap new business opportunities, it is also pushing SMEs to try to escape from the limitations of traditional supply chains. Recently, HKTDC Research organised a webinar entitled “Exploring the Metaverse: Cybersecurity and Decentralisation”. Industry experts discussed the heightened cybersecurity risks and the implications for the Hong Kong business community. Discussions also focused on how Hong Kong SMEs can re-architect their businesses for a decentralised era.

Cyberattack Readiness

Louis Chan, Principal Economist (Global Research) at HKTDC Research, pointed out that the Covid-19 pandemic has driven the world to a new normal in which people’s daily life as well as the business models of the whole society are migrating online, so much so that work, shopping, studying and business dealings increasingly take place in cyberspace. In the internet world, cyberattacks taking advantage of network shortcomings are commonplace. Even large corporations are subject to cyber extortion and the privacy of corporate clients is breached. Therefore, in the course of transiting from the new normal to the Metaverse, cybersecurity has become a vital issue. Chan pointed out how widespread the risk of cyberattack has become, saying: “We have noticed a lot of cyberattack activities. From February to May 2020 when the pandemic first started, some one million users globally had already experienced data leaks when using online conferencing software. Their login name, email address and data on social media have either been fraudulently used, or their personal data have been stolen under unknown circumstances. As the pandemic has progressed, the number of related cyberattacks has also increased.”

                                        (Cantonese)

Citing records from the Hong Kong Computer Emergency Response Team Co-ordination Centre (HKCERT), Chan said that, though there had been a slight drop in computer security incidents last year, online frauds called “phishing” remain rampant and there are many cases of “zombie” software paralysing companies’ entire internet systems. He gave his opinion that, in the Metaverse era, SMEs must do a better job of managing cybersecurity risks, saying: “Even before the pandemic, lapses in cybersecurity management have led to one out of five SMEs being on the receiving end of cyber extortion or malware attacks. So we cannot simply rely on installing antivirus software, firewalls or Wi-Fi encryption programmes for protection from cyberattacks. In recent years, in cloud computing management, the most common practice for storing and protecting important data has changed from using “single clouds” to “multiple clouds”, or using hybrid storage when storing data in public and private domains. These would help companies spread out cybersecurity risks.”

Cryptocurrency and NFTs

Blockchain and non-fungible tokens (NFTs) are the “admission tickets” to enter the Metaverse, with the investment value of NFTs drawing increasing market attention recently. Chan said that the decentralisation effect of the Metaverse is getting increasingly apparent. Bitcoin, a virtual currency, is now valued at about US$40,000 (HK$313,538). Explaining some of the factors behind the rise in Bitcoin and similar currencies, Chan said: “For some time, we have noted that, as geopolitical issues become increasingly complicated, and as inflation appears to be rising relentlessly, the role and the value of virtual currencies have grown. Meanwhile, NFTs have been gaining popularity in art circles, the gaming industry and with investors.”

Though NFTs and virtual currencies have both been created from the Metaverse, they are different phenomena. The main difference is that NFTs are a unique type of digital asset. Artistic works such as paintings, drawings, music, voice and video clips can all be converted into NFTs. With NFTs becoming all the rage in the gaming, cultural and creative sectors, many well-known brands have launched various types of NFT merchandise. Chan cautioned that one has to be aware of the risks involved in NFT trading, saying: “While we have the Metaverse as an additional medium to carry out transactions using virtual currencies, we should also be wary of the associated dangers. Therefore, as business in cryptocurrency becomes more popular, SMEs in Hong Kong should plug security loopholes in preparing for and carrying out transactions, or seek the advice of experts during the process to ensure safe and reliable online transactions.”

Anti-phishing Tools

Hoplite Technology, a Hong Kong data technology start-up, specialises in developing anti-phishing tools to help protect Asia-Pacific SMEs from hacker attacks. Antony Ma, founder and CEO of the company, is a pioneer in cybersecurity software as a service (SaaS). He pointed out that phishing emails and SMS messages are common forms of cyberattack, in which cybercriminals impersonate a trusted party to enquire about sensitive information. Without the means to verify sender identity, it is difficult for ordinary SMEs and smartphone users to spot phishing activities. Once you use your mobile to open the phishing SMS message or email, the fake website it is linked with will try to steal your personal login information. Many new phishing scams have already gone regional and, in many cases, it is difficult to prevent scams using antivirus software. Ma advised people to be careful when opening mobile SMS and email links.

Pointing out that a great majority of cyberattacks occur randomly, Ma said that the first thing an SME should do to avoid a cyberattack is upgrade its cybersecurity level and avoid putting itself in a high-risk situation. He added that the next thing to do was to minimise human risks, saying: “When an employee uses the company’s computers or network, as soon as they open software or email attachments by mistake and release computer viruses, hackers will be able to take advantage of this type of human error to carry out cyberattacks. Since web browsers are the primary target for hackers, when we use our browsers to open emails or login to our internet bank, we are already facing the risk of attack.”

Authority Setting

Ma said that Web3, the third-generation internet, is a decentralised cyberspace based on blockchain technology and is also the fundamental building technology that drives the Metaverse. When people enter the Metaverse, they should handle security problems individually. There are, for example, hot wallets and cold wallets, which are primarily distinguished by the operational interface involved. Hot wallets are connected to the internet through a mobile phone or computer. Cold wallets, on the other hand, are not connected to the internet and need the plugging in of physical devices like USBs to carry out transactions. This minimises the chances of being hacked.

Explaining the role of these devices, Ma said: “These blockchain-based wallets allow rapid transactions worldwide without going through any intermediary. As such, they are important media for decentralisation. The greatest application of blockchain technology is digital currencies. Currently, there are many types of digital currencies in the international market, each targeting specific existing problems. MetaMask is by far the most widely used browser wallet. But every time an SME or individual carries out a related transaction, they have to calculate the price again at the time of the transaction. They should also pay attention to the authority setting or else hackers can use the opportunity to steal all their money.”