Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo

Olympic Games, FIFA World Cup offer huge platforms, rich cyberattack surface

Global sporting events have become a lucrative target for criminal actors and geopolitical statements.

Published April 7, 2026
David Jones's headshot
Reporter
A person walks a runway in front of the Olympic rings.
Mexican figure skater Donovan Daniel Carrillo Suazo walks the runway at Olympic Games Winter Fashion Showcase at Piazza Sempione on Feb. 4, 2026, in Milan, Italy. Massimo Rosi via Getty Images

International sporting events in recent years have become increasingly popular for corporate brands, celebrities and political figures to reach new audiences. That high visibility also provides high-profile opportunities for political hacktivists, state-sponsored adversaries and cybercriminal actors to wreak havoc. 

As part of our monthly Reporters’ Notebook video series, David Jones, reporter at Cybersecurity Dive, sat down with Tara Seals, managing editor for news at Dark Reading, and Sharon Shea, executive editor of TechTarget SearchSecurity, to discuss the unique cybersecurity risks connected to the recent Milan Cortina 2026 Winter Olympics and other upcoming events, including the 2026 FIFA World Cup.

These global sports events are taking place at a time of heightened geopolitical tensions. Since 2022, the Ukraine war has increased the threat environment between Russia and NATO allies, for instance. And while the kinetic war largely is limited to territories inside Ukraine and Russia, the threat of cyber retaliation has included critical infrastructure sites across Europe. Cybersecurity authorities in the U.K. and Canada have reported increased hacktivist activity targeting critical infrastructure in late 2025.

Researchers from Palo Alto Networks point to the Russian Federation’s recent history of tensions with the International Olympic Committee, stemming from longstanding allegations of doping and suspension following the Ukraine invasion in 2022.

The Winter Olympics faced cyber threats as well: Italian authorities in February said they had thwarted attempts from Russia-linked actors targeting websites, hotel venues and other sites related to the event. The attack campaign was linked to a hacktivist actor tracked as NoName057. 

There was also a massive spike of more than 180% in distributed denial-of-service attack volume against critical infrastructure in Italy during the Games, according to a report released Monday from Netscope.

Meanwhile, the Cybersecurity and Infrastructure Security Agency worked alongside the U.S. Department of State’s Diplomatic Security Service and other federal and international partners to provide real-time intelligence to help monitor security risks at the Winter Games.  

“These efforts are part of extensive planning that will continue as we prepare to safeguard critical infrastructure at other major events, including the FIFA World Cup 2026, America 250, and the 2028 Summer Olympics,” Steve Casapulla, executive assistant director for infrastructure security at CISA, told Cybersecurity Dive. 

Editor’s note: The following transcript has been lightly edited for length and clarity.

Dark Reading’s Tara Seals: Hello, everybody. Thank you for joining us for the latest installment of Reporters' Notebook, featuring editors and reporters from Cybersecurity Dive, TechTarget SearchSecurity and Dark Reading. I'm Tara Seals, managing editor for news at Dark Reading. I am joined here by:

TechTarget SearchSecurity's Sharon Shea: I'm Sharon Shea, executive editor at TechTarget SearchSecurity.

Cybersecurity Dive's David Jones: David Jones, reporter at Cybersecurity Dive.

Seals: Great, thanks for joining. The Winter Olympics just concluded in Milan and Cortina, and now we're looking ahead to the World Cup this summer in North America. These high-profile events draw billions of viewers worldwide, lots of visitors and involve many moving parts to make them happen. That makes them an attractive target for cyberattacks, and there's a history of attacks on these events over the years.

In Milan, for instance, this time, the Italian government said they thwarted some attacks, though they didn't detail them publicly.

While it might seem like these events have little in common with everyday businesses, I think there are valuable incident response lessons to be learned.

Dave, I know you've done a lot of reporting on some of the risks around these big events. That might be a good place to start.

Jones: Thanks, Tara. There are a couple of issues at play here, given the current global climate, including the conflict in Iran and challenges with key adversaries overseas. Events like these require careful consideration of the venue and coordination with allies to prepare and respond to potential incidents.

These events involve a wide range of potential disruptions, from physical security to digital security. You want attendees, including diplomats, celebrities and political leaders, to feel safe and welcome without turning the event into a stifling police operation.

One major attraction for attackers is the ability to make a broad statement to millions of people through disruptions, such as interrupting broadcasts or delaying live coverage. We've seen attempts at this during previous Olympic Games. Ensuring these events proceed without visible disruptions is a significant undertaking.

Seals: The Pyeongchang 2018 Winter Olympics is a prime example of disruption. The Olympic Destroyer malware caused issues during the opening ceremony, including taking down Wi-Fi networks, ticketing systems and contributing to flickering broadcast infrastructure. While the attackers didn't achieve their full intent, the incident highlighted the importance of planning and incident response.

Similarly, during the London Olympics, the UK thwarted an attack on the power grid. While nothing happened publicly, behind the scenes it was a frenzied incident response situation. These examples show how common these challenges are for large-scale events.

Dave, in your reporting on World Cup threats, what are some commonalities between these events and everyday businesses?

Jones: Major businesses often sponsor global events, send senior executives to attend or have critical proprietary or customer data at risk during these events. These executives, who have access to sensitive data, may be targeted personally, whether through tracking, compromised devices or identity theft.

Attackers could use stolen identities to send messages in their names, potentially gaining access to the company's systems. Protecting these individuals and preserving the company's reputation is crucial.

This isn't just relevant for sporting events but also for large company meetings, business conferences and multinational events. Companies need to ensure their security measures are robust to protect their people, data, and brand image.

Seals: Absolutely. If you distill the threats seen at events like the Olympics, World Cups and other big events like the Super Bowl, they're the same as those faced by everyday businesses — just on a larger scale. Phishing, DDoS, hacktivism, infrastructure disruption, malware, data exfiltration, spyware implantation and more.

These global events provide a unique opportunity to see how incident response should be architected. The threats are the same, but the scale is larger. Sharon, can you talk about some incident response best practices we can learn from these events?

Shea: Absolutely, Tara. These events act as real-world stress tests for incident response. While we may not know everything that happens behind the scenes, it's clear they involve well-oiled machines monitoring, detecting, containing and recovering from attacks.

On SearchSecurity, we've published extensive content on layered defense, cyber resilience and incident response. Preparation is key. Organizations need a well-vetted, regularly tested and updated incident response plan to mitigate financial, operational and reputational damage.

First, create an incident-response plan outlining high-level priorities. Incident response is a team effort, involving responders, forensic analysts, security analysts, PR, legal and external law enforcement, as needed.

You also need playbooks with actionable steps to respond to specific threats like DDoS, ransomware and credential harvesting. And, of course, practice is essential: test playbooks through simulations, tabletop exercises, and red/blue team drills to see how the team reacts under pressure.

Practice, practice, practice. You need to test those playbooks, conduct simulations, tabletop exercises, red team, blue team drills. It's crucial to see how the team reacts under pressure. The first time an incident happens should not be the first time your incident-response team sees the incident-response plan or playbook.

Jones: Unless you're Allen Iverson, who never liked to practice, but that's another story.

Shea: I also wanted to touch on something Dave said earlier. These big world events highlight a reality we're seeing in organizations today: the third-party ecosystem.

Seals: Right.

Shea: Events like the Olympics involve ticketing agencies, streaming services, vendors, sponsors — a massive network with a huge attack surface. One weak link in the chain can lead to significant consequences. This mirrors organizations working with partners, suppliers, service providers and other third parties. Vetting who you work with and continuously monitoring vendors is essential for maintaining a secure partner and supply chain ecosystem.

Seals: Absolutely.

Shea: Another critical point is communication. When the world is watching, how quickly and effectively you communicate during an incident matters as much as how quickly you remediate the issue. Internal and external communications are key.

Seals: Agreed.

Shea: You need a crisis or incident-response management communication plan. You want your employees, partners, the media, customers, regulators to have consistent, clear, accurate and rapid messaging. That helps maintain trust, minimize chaos and ensure coordinated incident response can happen. Fixing the issue is important, but so is ensuring the communication is handled effectively.

Seals: Events like the Olympics, World Cup or Super Bowl are meticulously planned over years, with incident response plans tested and refined constantly. Yet, even they face challenges from attackers exploiting cracks in the armor.

Jones: This underscores the importance of alliances and coordination between partners. Managing security — both physical and digital — for such events requires strong relationships across jurisdictions and countries.

Shea: Don't be the weakest link.

Jones: For example, CISA, the State Department, other agencies participated in preparing for the Olympics, and you need to know the role of your particular agency or your diplomatic corps or your security team in the plan, in the event of an attack if the lights go out, if the ticketing stops working. Everybody's going to have to spring into action at some level of coordination.

Seals: Absolutely. Yeah, 100%. All right, guys. Well, I think we can leave it there. I really appreciate your time. And for our viewers, once again, I'm Tara Seals with Dark Reading. I have been joined by Sharon Shea from TechTarget SearchSecurity and Dave Jones at Cybersecurity Dive. Thank you for watching.

Filed Under: Strategy, Threats

Editors' picks

Company Announcements

View all | Post a press release
Blackpoint Cyber Releases 2026 Threat Report
From Blackpoint Cyber
April 07, 2026
Blackpoint Cyber logo
BrandShield Expands Brand and Digital Risk Protection to AI Platforms, Where Millions of Consu…
From BrandShield
April 01, 2026
BrandShield logo
Zapier Pledges Free AI Education for 1 Million People
From Zapier
March 17, 2026
Zapier logo
2026 Resilience Risk Index Reveals that Endpoint Security Software Fails More Than 20 Percent …
From Absolute Security
March 24, 2026
Editors' picks
Latest in Strategy
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell