The IT Pro Podcast: How secure is metaverse tech?
If we're not careful, the risks of this new frontier could outweigh the rewards

Metaverse technology: although it still hasn’t found its feet, it’s the headline-grabbing area of development that has seen massive investment in just the past few years. Meta has spent over $15 billion on the tech through its Reality Labs division, and Microsoft, Apple, Nvidia, and more have all begun development using variations on metaverse tech.
But like any new technology, metaverse tech will also usher in new security risks, from innovative threat actors and existing vulnerabilities inherited by building this new frontier on legacy architecture.
This week, we spoke to Rick McElroy, Principal Cyber Security Strategist at VMware, about the opportunities and challenges metaverse tech, and what we can do while it’s still in its infancy.
Highlights
“The cool part of all of it is, we actually get to design it. Right? Like, we're humans, we're now working on some in the future. And so we do get to look at the past, have those design considerations? And then really move forward with like, how can we start to fundamentally get rid of some of these things from the beginning, because we know that they're going to happen, right? And so I hope the opportunity is exciting for folks that are working on those projects.”
“I can tell you, I've talked to no CISOs over the last 18 months where it's at the top of their project list. Generally speaking, ransomware is still at the top of that list. Again, the security fundamentals of being able to patch as quickly as possible, and then of course, recover from some types of these attacks.”
“We're not writing a new internet protocol for the metaverse, it's going to be IPv6 and IPv4. Generally speaking, it'll be IPv6, because it's a lot of new companies that are adopting it. Manipulation of that TCP/IP stack is still real, those threats exist all the time, adversaries take advantage.”
Read the full transcript here.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Footnotes
- What is Web3 and will it revolutionise the internet again?
- Microsoft signs $22bn deal to supply US Army with HoloLens devices
- Apple's mixed reality headset could debut in 2022
- Why AR, not VR, is the next big thing in business
- Meta's earnings are 'cause for concern' and 2023 looks even bleaker
- The future of virtual assistants might lie in the metaverse
- Did the Pentagon really ban Furbys?
- What is metaverse security?
- How to protect your endpoints
- If not passwords then what?
- What is TCP/IP?
- Whatever happened to IPv6?
- What is zero trust?
- What is GDPR? Everything you need to know, from requirements to fines
- What is the California Consumer Privacy Act (CCPA)?
- Understanding PCI compliance: The role of the channel
- What is Wi-Fi 7?
- US unveils next-gen encryption tools to withstand quantum computing attacks
- Seven steps to keeping metaverse meetings safe and secure
- Meta deepens metaverse partnership with Microsoft and Accenture, still lacks compelling business case
- Immersive tech can be more than just a gimmick
- Siemens and Nvidia partner on industrial metaverse concept
- Into the metaverse: Everything we learned from our virtual tour
- The metaverse is a waste of time, effort and processing power
Subscribe
ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.
For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
By Nicole Kobie
-
Google tells some remote workers to return to the office or risk losing jobs
News Google has warned remote workers will need to return to the office or else lose their jobs, according to reports.
By Ross Kelly
-
Edge devices are now your weakest link: VPNs, firewalls, and routers were the leading source of initial compromise in 30% of incidents last year – here’s why
News Compromised network edge devices have rapidly emerged as one of the biggest attack points for small and medium businesses.
By Bobby Hellard
-
The new era of cyber threats
ITPro Podcast With AI-powered attacks and state-backed groups, security teams face face a new wave of sophisticated threats
By Rory Bathgate
-
Billions of IoT devices will need to be secured in the next four years – zero trust could be the key to success
News Researchers have warned more than 28 billion IoT devices will need to be secured by 2028 as attacks on connected devices surge.
By Emma Woollacott
-
Cisco claims new smart switches provide next-level perimeter defense
News Cisco’s ‘security everywhere’ mantra has just taken on new meaning with the launch of a series of smart network switches.
By Solomon Klappholz
-
Five Eyes cyber agencies issue guidance on edge device vulnerabilities
News Cybersecurity agencies including the NCSC and CISA have issued fresh guidance on edge device security.
By Emma Woollacott
-
Supply chain scares and Google’s AI code
ITPro Podcast As the ransomware attack on Blue Yonder disrupts a wide range of firms, Google moves to lead by example on internal AI code
By Rory Bathgate
-
T-Mobile security chief insists its defenses stood up to attacks linked to Salt Typhoon
News No T-Mobile customers or services were affected after its security teams detected suspicious activity on their routers
By Solomon Klappholz
-
Halloween special: Cybersecurity horror stories
Podcast Join us for three terrifying tales sure to chill any IT professional to the core
By Jane McCallion