Global games mean cybercriminals can also go for gold

Coming up in 2026, the Winter Olympics and FIFA World Cup will draw massive global audiences. For fans, it means excitement and celebration. But for security leaders, it means something else entirely. Spread across multiple venues and digital platforms; these events present one of the most complex and distributed attack surfaces. 

The infrastructure, applications, data, vendors, volunteers and partners involved are scattered across the world. It will be harder than ever to defend data, creating a complexity that cybercriminals are counting on. 

Expect to see some of the most sophisticated and convincing phishing campaigns with AI-powered lures catching the urgency of ticket sales, travel planning, volunteer and staff coordination, and last-minute schedule updates. Fans, staff, and partners alike will get messages that look and feel legitimate. Without the right tools and controls in place, these will be nearly impossible to detect. 

And phishing won't be the only play we can expect to see.

Ransomware continues to be a high-impact threat with attacks carrying the potential to impair ticketing systems, broadcasting operations, and event logistics. Distributed denial-of-service (DDoS) attacks can disrupt live streams and mobile apps during critical moments, and deepfakes could be used to fabricate controversial occurrences and fuel disinformation campaigns. 

So, what’s the common thread? 

These attacks don’t need to take down everything, just create enough disruption, confusion, and loss of trust on a global level. Attackers are already preparing, and we need to be, too. Security leaders supporting major events or any large, distributed ecosystems should: 

• Deliver targeted and layered security awareness: Skip the generic training. All involved parties from volunteers to partners need event-specific guidance on social engineering and brand impersonation tactics.
• Leverage AI defensively: To spot and block attacks requires AI-powered threat intelligence, email security, and deepfake detection that can provide real-time insights and alerts.
• Plan for distributed incident response: In preparation for the challenges that come with a multi-country, multi-city event, run simulation exercises that account for time zones, jurisdiction, and language barriers.
• Engage in early, collaborative defense: Put information-sharing protocols in place with sector-specific information sharing and analysis centers (ISACs), law enforcement, and event partners, for swift action in the event of an incident.
• Protect the brand: Actively monitor for fraudulent domains, fake ticketing sites, and impersonation attempts and take them down fast.
• Test for resilience in planning: Backup and recovery plans for critical systems need to be tested under realistic, high-pressure attack scenarios. 

While global events bring the world together, they also attract bad actors looking to exploit that. Winning won’t just be for those taking the podium, but for teams who come prepared and treat cybersecurity as important as the game itself.