Virtual reality is emerging as the technology of the future – but what threats and challenges could it present to business, consumers and government?
For Srinivasan CR at Tata Communications, security teams should already have the view that security systems are “living and breathing entities which are constantly updating, sweeping the networks and devices they protect for vulnerabilities, finding and repairing them before attackers do.” Security teams should not get bogged down in the fantastical, but treat VR as another connected device with different security requirements and threats.
“Every device connecting into a network is a potential vulnerability which can be used to infiltrate the network itself and other devices connected to it. So, cyber security solutions must evolve to secure those new devices in order to protect virtual reality applications,” said Tata’s Srinivasan CR.
When it comes to data and the physical harm of users, government and industry bodies may need to step up to the plate – which is easier said than done if you look at the current standards quagmire in the IoT industry. As Ben Smith, the CEO of Laduma who is billed to speak at PromaxBDA UK, told CBR: “There are no uniform guidelines for privacy protection or means of accountability, outside those laws already in place for traditional technologies – and as new developments are rushed to market in order to gain a lead on competitors, there is a risk that mistakes are being made.”
The experts which CBR talked to expect watchdogs like the National Cyber Security
Centre to issue guidelines and policies, as well the continuation of the ICO to regulate any breach of data protection laws.
Alex Matthews envisions “some strict PCIDSS-like security standards for VR services where financial operations are involved”, as well as “security audits for VR objects and worlds, similar to penetration testing used currently for web-sites and other critical applications.”
However, this is all really speculation, as you cannot form a defence when you have no experience of the attack. This brings the VR security issue full-circle; the technology is still in its infancy and there are not yet any significant data points available in order to form an attack of defense against risks.
However, at its core VR is a connected technology. We know that connected technologies create a greater attack surface for hackers – hackers who are looking to turn a profit on personal and valuable data. We can assume that hackers will want the greater data sets offered by virtual reality, leading to more advanced identity theft and data leaks.
Security teams need, like in other areas, to adopt a when not if attitude to VR – security needs to be constantly evolving and the emerging threats identified, assessed for risk and monitored. Government and industry also need to look at this emerging tech and try to create a security benchmark for both consumer and business.
Virtual Reality, even now, is enhancing our digital experience – but it is also enhancing the risks to our digital identity and creating a new revenue stream for those with malicious purposes. As we enter this new virtual world, we must remember that our virtual actions could have far-reaching real-world consequences.