{"id":16927,"date":"2023-02-06T14:32:56","date_gmt":"2023-02-06T13:32:56","guid":{"rendered":"https:\/\/www.show.it\/cyber-insights-2023-the-coming-of-web3\/"},"modified":"2023-02-06T14:32:56","modified_gmt":"2023-02-06T13:32:56","slug":"cyber-insights-2023-the-coming-of-web3","status":"publish","type":"post","link":"https:\/\/www.show.it\/en\/cyber-insights-2023-the-coming-of-web3\/","title":{"rendered":"Cyber Insights 2023 | The Coming of Web3"},"content":{"rendered":"<\/p>\n
\n
\n
\n

About SecurityWeek Cyber Insights |<\/strong> At the end of 2022,\u00a0SecurityWeek\u00a0liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today \u2013 and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs.<\/em><\/p>\n<\/div>\n<\/div>\n

\"Cyber<\/figure>\n<\/div>\n

SecurityWeek Cyber Insights 2023 | The Coming of Web3 \u2013 <\/strong>Web3 is a term that has been hijacked for marketing purposes. Since web3 obviously represents the future internet, claiming to be web3 now is a claim to be the future today. Such claims should be viewed with caution \u2013 we don\u2019t yet know what web3 will be.<\/p>\n

Two of the biggest culprits are the cryptocurrency and NFT investment industries, which both use blockchains. They have claimed to be web3 so vociferously that some pundits believe that web3 is blockchain. This is way too simplistic \u2013 these are just applications running on one technology that may become one of the web3 building blocks.\u00a0<\/p>\n

Before we discuss the evolution of, and issues with, web3 in 2023 and beyond, we\u2019ll first define one specific view of its basics.\u00a0<\/p>\n

A tentative definition of web3<\/strong><\/h2>\n

Web3 will be the next fundamental characterization of the internet. Currently, its characteristics are clouded by confusion because it doesn\u2019t exist. We won\u2019t know what it is, until it is. Nevertheless, we can make some basic predictions because it will evolve from the current web2 and is bound by the rules of evolution. So, we must start with where we are to predict where we are going.<\/p>\n

Web1<\/strong> can be described as the static web. It was designed to deliver static information from information creators to information consumers. We still use web1.<\/p>\n

Web2<\/strong> can be described as the interactive web. It was designed to allow creators and consumers to interact. Three major examples are online banking, ecommerce, and social media. This is what we have now: a combination of web1 and web2.<\/p>\n

Web3<\/strong> can be described as whatever comes next. It will be an attempt to improve on web1 and web2. Most likely it will be an attempt to correct perceived faults or weaknesses in web2 and improve the users\u2019 internet experience. We\u2019ll focus on these characteristics in our projections for web3 focusing on decentralization and the metaverse \u2014 but remember that at this stage, it is still just conjecture.<\/p>\n

Decentralization<\/strong>
<\/strong>A perceived fault in web2 is that it allows data to be centralized and focused in the hands of a few mega corporations. Big tech, including companies like Facebook, Microsoft, Google, and Apple own most of the world\u2019s available data. More specifically, they own everybody\u2019s personal information.<\/p>\n

This is a problem both politically and socially, and is the primary driver for legislation designed to prevent big tech (and medium tech) from misusing and abusing personal data. GDPR, CCPA (and other privacy legislation), and the FTC\u2019s increasing \u2018overview\u2019 of the misuse (which it defines as malpractice), can be seen as political attempts at correcting this fault in web2. We can add that the centralization of data is also a primary cause of cybercriminality, providing Aladdin\u2019s Caves of rich pickings for criminals.<\/p>\n

A better solution would be for the internet itself to reduce the stranglehold of big tech by becoming decentralized \u2014 companies do not need to own data to be able to confirm identity. Isolated attempts at decentralization already exist. Cryptocurrency (technically, at least) is an attempt to decentralize finance. The interplanetary file system (IPFS) is an attempt to decentralize data held in individual files.<\/p>\n

One likely component of web3 will be a decentralized internet \u2014 and the distributed ledger implemented as blockchains is the most likely route. Big tech will not support this evolution.<\/p>\n

Immersive<\/strong>
<\/strong>A move towards a more immersive internet experience is already in progress. The improvement on web2 is that users wish to move beyond interacting with the internet to becoming part of the experience. This development can be seen in the evolution of the gaming industry \u2014 from text-based adventure games, to video platform games, to 3D games and now virtual reality gaming.<\/p>\n

But it is also apparent in business. Covid-19 created a need for remote conferencing. This was already available via telephone conferences; but the rapid rise of videoconference tools such as Zoom demonstrates users\u2019 wish to feel more involved \u2013 or integrated with the experience. The next logical step is for videoconferencing to evolve into virtual reality conferencing using the same tools and techniques developed for virtual reality gaming.<\/p>\n

Web2 is already evolving towards an immersive internet, and \u2018immersive\u2019 is likely to be another component of web3. The current ultimate view of an immersive experience is the metaverse.<\/p>\n

Web3<\/strong>
<\/strong>The evolutionary pressures on the internet seem to be focusing on two characteristics: decentralization and immersiveness. This is how we will describe the next internet. Note that neither characteristic is dependent on the other, but there is synergy in their marriage. Metaverses do not need to be decentralized but can become so using distributed ledger technology (DLT). Metaverse and DLT are likely to be the key components of web3. The evolution will not be completed in 2023 (in fact, it has barely begun), but there will be much progress in that direction.<\/p>\n

But note also that there are competing pressures. Big tech recognizes the value of the metaverse concept (Facebook has even changed its name to Meta), but big tech will not want decentralized metaverses where they lose ownership of users\u2019 data.<\/p>\n

As it evolves, web3 will contain and increase all the security issues of web2 \u2013 and perhaps add a few more.<\/p>\n

Metaverse<\/strong><\/h2>\n

The technology waiting game<\/strong><\/h3>\n

The excitement with which 2022 greeted the dream of the metaverse dissipated into disillusionment over the course of the year. The technology simply isn\u2019t ready to deliver on the dream; but that dream remains.\u00a0<\/p>\n

Massimo Paloni, chief operations and innovations officer at Italian luxury brand Bvlgari, explained both the problems and the promise of the web3 metaverse. When you buy a product, he said, especially a luxury product, you go to the store not just for the product, but also for the experience. The experience is \u2018storytelling\u2019 by the vendor \u2014 and all storytelling changes with advances in technology. But the way that technology is used must always be aligned with the vendor DNA.<\/p>\n

\u201cOur mission is to be sure that the use of new technology \u2013 web3, blockchain and metaverse \u2013 is aligned with our value proposition. That is the key,\u201d he said. Web2 ecommerce fails for the luxury brands. \u201cEcommerce is a bidimensional experience. It kills the magic of going to the store. All ecommerce is beautifully crafted \u2014 but ultimately all the stores are similar.\u201d<\/p>\n

The promise of the metaverse is that it will allow vendors, especially luxury vendors, to maintain their own storytelling in engaging with their customers. Better engagement, which isn\u2019t supported by web2, will lead to higher sales. But the problem is the technology is new and evolving, and developers still don\u2019t know what might be available in three- or four-months\u2019 time \u2013 nevermind a few years.<\/p>\n

\u201cContent is absolutely king here \u2013 the technology will undoubtedly become better and better, but this is not enough in itself,\u201d says Lars Seier Christensen, chairman of Concordium and founder of Saxo Bank. \u201cUsers need to achieve real benefits to embrace it \u2013 across areas like entertainment, better access to goods and services, valid commercial models and otherwise unachievable experiences.\u201d What we\u2019ve seen so far over the last year or two has failed to deliver this, and quickly became boring and irrelevant.<\/p>\n

\u201c2022 wasn\u2019t a good year for the metaverse,\u201d adds Orlando Crowcroft, tech and innovation editor at LinkedIn. \u201cTwo of the most prominent metaverse platforms \u2013 Decentraland and Sandbox, with valuations of over $1bn each \u2013 were revealed to have under 1,000 daily active users. And Meta\u2019s Horizon World was so unpopular that even staff had to be pressured to use it.\u201d<\/p>\n

But he added, \u201cMetaverse enthusiasts should take heart. In 2023, we will see the metaverse take off \u2013 in the professional world. VR and AR are being used right now to train pilots and surgeons. Expect employers, universities, and training programs to jump into the metaverse in even bigger ways in the new year.\u201d<\/p>\n

Crime in the metaverse<\/strong><\/h3>\n

Just as the metaverse is a new concept, crime in the metaverse is an unknown quantity. \u201cVirtual cities and online worlds are new attack surfaces to fuel cybercrime,\u201d warns Aamir Lakhani, cybersecurity researcher and practitioner for Fortinet\u2019s FortiGuard Labs. He is concerned that a metaverse will be an open door to new cybercrime in uncharted territories.<\/p>\n

\u201cFor example, an individual\u2019s avatar is essentially a gateway to PII, making them prime targets for attackers. Because individuals can purchase goods and services in virtual cities, digital wallets, crypto exchanges, NFTs, and any currencies used to transact, offer threat actors yet another emerging attack surface,\u201d he said.<\/p>\n

He also worries about biometric hacking. The AR- and VR-driven components of virtual worlds may make it easier for a cybercriminal to steal fingerprint mapping, facial recognition data, or retina scans. Finally, he added, \u201cThe applications, protocols, and transactions within these environments are all also possible targets for adversaries.\u201d<\/p>\n

Kaarel Kotkas, founder and CEO at Veriff, sees trust in identity as the biggest problem. \u201cIf the metaverse is to be successful,\u201d he said, \u201cthere needs to be a guarantee that users are who they say they are.\u201d<\/p>\n

\u201cIf the Metaverse is to live up to even a portion of its hype,\u201d adds Padraic O\u2019Reilly, co-founder and CPO at CyberSaint, \u201csecurity will have to be baked in from the start. That is, it should be part of the conception. There should be a kind of cyber charter from the largest participants that stresses transparency, and laws for individuals. Cyber is everyone\u2019s responsibility in the future.\u201d<\/p>\n

He also believes that regulation will be required over user identity. \u201cTo ensure the security of experiences and transactions in the metaverse, zero trust architecture and more legal protections (blockchain is too authority averse) are required. Without a central authority backing the purported ironclad data integrity of the blockchain, it will remain vulnerable.\u201d<\/p>\n

It is worth noting, however, that a \u2018central authority\u2019 is at least conceptually contrary to the ideal of decentralization.<\/p>\n

Patrick Harr, CEO at SlashNext, continues this theme of identity. \u201cArtificial intelligence solutions will be needed to validate the legitimacy of identities and controls,\u201d he says. \u201cThis new type of digital interface will present unforeseen security risks when avatars impersonate other people and trick users into giving away personal data.\u201d<\/p>\n

\n
\"Web3<\/figure>\n<\/div>\n

But of course, AI will be used for attack as well as defense. Deepfaked avatars supported by AI chatbots will be used. \u201cWe can expect to see more of these holographic-type phishing attacks and fraud scams as the metaverse develops,\u201d he continued. \u201cIn turn, folks will have to fight AI with stronger AI because we can no longer rely solely on the naked eye or human intuition to solve these complex security problems.\u201d<\/p>\n

Ultimately, security in the metaverse and web3 in general is both a threat and an opportunity. Traditionally, security is largely reactive \u2013 we fix things after they have been exploited. But \u201cWith web3 we have the opportunity to change the game in terms of security,\u201d suggests Rodrigo Jorge, CISO at Vtex, \u201cand construct something that has security by design, and is planned from user experience to the system architecture and infrastructure.\u201d\u00a0<\/p>\n

He believes security professionals and companies have the opportunity to adopt security in this early stage so that when web3 becomes popular, it will be safe.\u00a0<\/p>\n

The progress of decentralization via blockchain<\/strong><\/h2>\n

\u201cWeb3 reflects an architectural shift decentralizing management of platforms. As platforms decentralize, the organizations that manage them will have to find ways to federate replacement controls for those they had centrally deployed,\u201d says Archie Agarwal, founder and CEO at ThreatModeler. \u201cWhen organizations design such tectonic shifts in their architecture (like the aggressive decentralization of web3), it\u2019s incumbent on them to model the threats and adjust their security controls that such a shift will expose.\u201d<\/p>\n

Value from cryptocurrency technology<\/strong><\/h3>\n

While cryptocurrency (as opposed to cryptocurrency technology) is peripheral to a discussion on web3, it cannot be dismissed entirely. Bitcoin demonstrated the security available in the blockchain implementation of the distributed ledger. But it is blockchain rather than cryptocurrency that is important to the development of web3.<\/p>\n

Merav Ozair, a fintech professor at Rutgers Business School, commented on Nasdaq (December 20, 2022), \u201cThere is no doubt that the benefits of blockchain technology and web3 are immense. Jamie Dimon, CEO of JPMorgan, who has bashed bitcoin, has always been one of the great supporters of blockchain technology. JPMorgan is one of the leading companies in web3 and has made significant investments in blockchain technology, web3 and the metaverse since 2015.\u201d<\/p>\n

She also notes that the value of decentralization (in this case, cryptocurrency) has been demonstrated during the Ukraine\/Russia conflict. The Ukrainian government has asked for donations in cryptocurrency, which has been adopted as a primary currency in the country.\u00a0<\/p>\n

\u201cThese instances underscore the promise of blockchain when Bitcoin, the first blockchain, was launched in January 2009, that a decentralized, peer-to-peer system, accessed by everyone, with no need for intermediaries, can empower everyday people: a system that is for the people, by the people,\u201d she explained. This is the primary advantage of decentralization.<\/p>\n

A security weakness in the unfolding web3 will come from its \u2018newness\u2019. \u201cLooking forward, attackers are again adjusting their tactics to target individuals in the new web3 world,\u201d comments Hank Schless, director of global campaigns at Lookout. \u201cSince web3 is still a new concept for most people, attackers can rely on the unfamiliar environment to increase the likelihood of success. This is a common tactic, as targeted individuals may not know exactly what red flags to look for in the same way they do with a suspicious social media message.\u201d<\/p>\n

Christian Seifert, research at Forta, takes this further. \u201cThe current state of the De-Fi market [currently the primary implementation of decentralized blockchain], especially with mounting losses due to hacks and rug pulls, has reduced some of the trust that investors previously had in this industry,\u201d he said.<\/p>\n

Security issues\u00a0<\/strong><\/h3>\n

\u201cI believe the problem will continue to persist unless better security measures are implemented across the board. In this regard, we need an overhaul of the security strategies prevalent today to provide better end user privacy (via the use of, say, wallets) and improved protocol safety.\u201d<\/p>\n

In particular, he recommends \u201croutine audits, offering bug bounties, maximizing monitoring and incident response \u2013 potentially via the use of future-ready technologies such as artificial intelligence and machine learning \u2013 and offering clients cyber insurance.\u201d<\/p>\n

Financial institutions\u00a0<\/strong><\/h3>\n

Since the blockchain was originally developed for use in the finance sector, it should be no surprise that the finance industry is one of the more interested sectors. \u201cThere is a major trend of blockchain adoption in large financial institutions,\u201d says Nick Landers, director of research at NetSPI, specifically citing Broadridge, Citi and BNY Mellon.\u00a0<\/p>\n

\u201cThe primary focus,\u201d he continued, \u201cis custodial offerings of digital assets, and private chains to maintain and execute trading contracts. Despite what popular culture would indicate, the business use cases for blockchain technology will likely deviate starkly from popularized tokens and NFTs.\u201d Instead, he believes, industries will prioritize private chains to accelerate business logic, digital asset ownership on behalf of customers, and institutional investment in proof-of-stake chains.<\/p>\n

By the end of next year, he expects that every major financial institution will have announced adoption of blockchain technology, if it hasn\u2019t already. \u201cWhile Ethereum, EVM, and Solidity-based smart contracts have received a huge portion of the security research, nuanced technologies like Hyperledger Fabric have received much less. In addition, the supported features in these business-focused private chain technologies differ significantly from their public counterparts.\u201d\u00a0<\/p>\n

It is worth noting that private blockchains are not decentralized blockchains \u2013 which begs the question, are they really web3?<\/p>\n

Either way, this ultimately means more attack surface, more potential configuration mistakes, and more required training for development teams. \u201cIf you thought that blockchain is \u2018secure by default\u2019,\u201d added Landers, \u201cthink again. Just like cloud platform adoption, we\u2019ll see the promises of \u2018secure by default\u2019 fall away as unique attack paths and vulnerabilities are discovered in the nuances of this technology.\u201d<\/p>\n

Blockchain and social media<\/strong><\/h3>\n

Dissatisfaction with big tech\u2019s control of social media has led to the exploration of alternative decentralized approaches. Mastodon, as an alternative to Twitter, is one example. It is decentralized but based on federation rather than blockchain. \u201cInstant global communication is too important to belong to one company,\u201d explains the Mastodon website. \u201cEach Mastodon server is a completely independent entity, able to interoperate with others to form one global social network.\u201d<\/p>\n

But a blockchain \u2013 more specifically a multichain \u2013 social media alternative may appear in 2023. On December 20, 2022, Beepo officially closed the beta version of its decentralized app, and expects to launch in early 2023.<\/p>\n

At the beginning of December 2022, Concordium announced an agreement with Beepo to incorporate its native token, CCD, as a means of payment on the platform. \u201cBeepo, a blockchain-based platform powered by E2EE and an AI\/ML algorithm with a focus on privacy and security,\u201d explained Concordium, \u201cis protected by end-to-end encryption technology and autonomous moderation, ensuring a totally secure environment for user interactions.\u201d<\/p>\n

The Beepo App offers a DApp (decentralized app) browser, tools for independent contractors, features for content creators, and a multichain blockchain infrastructure that lets users engage with various tokens and multiple networks. It is a response to growing user concern over the controlling and often abusive concentration of personal data within web2 big tech firms.<\/p>\n

Web3 progress in 2023\u00a0<\/strong><\/h2>\n

The blockchain part of web3 (disregarding the question of whether private blockchains can even be considered part of web3) will probably develop faster than the metaverse during 2023. William Tyson, associate analyst in the thematic intelligence team at GlobalData, foresees a metaverse winter in 2023. He believes the immaturity of enabling technologies like virtual reality (VR) and artificial intelligence (AI), as well as cooling consumer interest, will prevent the metaverse from being adopted widely in the next year.<\/p>\n

He adds, \u201cThe absence of a single vision for the metaverse means that its future is malleable and uncertain. Its extraordinary long-term potential is widely recognized, which is why big tech is continuing to funnel billions into its creation\u2014 despite the absence of short-term return on investment. The concept will experience a cold period, but this provides an opportunity for underlying technologies to develop.\u201d<\/p>\n

Meanwhile, the blockchain part of the equation will pick up steam in 2023. \u201cWe don\u2019t have a defining trend for web3 in 2023, but that what we do have instead is an undercurrent of heads-down building and experimentation being done both by developers as well as traditional brands, setting the stage for a really exciting 2024,\u201d says Dan Abelon, partner at Two Sigma Ventures.\u00a0<\/p>\n

\u201cOn the developer side, one area to watch is messaging: enabling decentralized services to communicate directly with end users,\u201d he adds. \u201cOn the brand side, I\u2019m excited to see more experiments like those by Reddit and Instagram in recent weeks, that will help bring web3 into the mainstream.\u201d<\/p>\n

Metaverse + blockchain synergy<\/strong><\/h2>\n

The metaverse and blockchains are not interdependent \u2013 each can exist without the other. However, a decentralized metaverse will require blockchains. Consider a metaverse shopping mall. Like the physical mall, it will comprise multiple businesses operating effectively in one place. In the physical world, shoppers walk from one shop into another. In a web2 shopping mall, they would need a different URL and to log on and present identity credentials to each store.<\/p>\n

In a decentralized metaverse, with identity held in a trusted blockchain, identity verification could simply be the presentation of an NFT-like token. This would confirm the user\u2019s identity without requiring personal details to be given to every business in the metaverse \u2013 allowing the user to travel freely between the organizations of the mall metaverse.<\/p>\n

Within each \u2018shop\u2019, three-dimensional images of goods can be investigated. Shopping baskets could be maintained by the collection of NFTs associated with the goods, and could be instantly purchased via a cryptocurrency or NFT from the user\u2019s wallet.<\/p>\n

The security issues are primarily fraud via user impersonation, although the user identity is protected by blockchain. One thing that is certain, however, is that as this new cyber world evolves, criminals will be looking for new ways to attack it.<\/p>\n

Will web3 (with metaverse) come to pass?<\/strong><\/h2>\n

Web3 will happen. What it will look like is not yet known. Blockchain technology is expanding beyond just cryptocurrency, and the use of non-investment NFTs is growing.\u00a0<\/p>\n

The attraction of a metaverse is undeniable \u2013 but we\u2019re going through a phase of disillusionment right now. This is perhaps typified in the disappointment of Meta\u2019s legless cartoon avatar torsos in its Horizon Worlds metaverse.<\/p>\n

But we should remember that all of this is new technology with kinks. The AR and VR headsets are still developing; the software development is still new. The potential for the metaverse is too great to ignore. Its synergy with decentralization makes it especially attractive.<\/p>\n

It won\u2019t materialize for many years \u2013 but development of web3 will continue through 2023 and beyond. The immersive metaverse rather than blockchain will be the defining technology.<\/p>\n

Related<\/strong>: Securing the Metaverse and Web3<\/a><\/p>\n

Related<\/strong>: Hackers Steal Over $600M in Major Crypto Heist<\/a><\/p>\n

Related<\/strong>: Protecting Cryptocurrencies and NFTs \u2013 What\u2019s Old is New<\/a><\/p>\n

Related<\/strong>: How Blockchain Will Solve Some of IoT\u2019s Biggest Security Problems<\/a><\/p>\n

The post Cyber Insights 2023 | The Coming of Web3<\/a> appeared first on SecurityWeek<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

About SecurityWeek Cyber Insights | At the end of 2022,\u00a0SecurityWeek\u00a0liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today \u2013 and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]<\/p>\n","protected":false},"author":2,"featured_media":16928,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[189,27,190,115,191],"tags":[],"class_list":["post-16927","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blockchain","category-cybercrime","category-metaverse","category-threat-intelligence","category-web3"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16927","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/comments?post=16927"}],"version-history":[{"count":0,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16927\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media\/16928"}],"wp:attachment":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media?parent=16927"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/categories?post=16927"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/tags?post=16927"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}