What Orgs Can Learn From Olympics, World Cup IR Plans

CYBER RISK CYBERATTACKS & DATA BREACHES VULNERABILITIES & THREATS CYBERSECURITY OPERATIONS NEWS Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. What Orgs Can Learn From Olympics, World Cup IR Plans In this edition of "Reporters' Notebook," we discuss cyberattackers targeting the Milan-Cortina Winter Games, adding them to a long list of global sporting events in the crosshairs. Though the attack surface is grander, there are key incident-response takeaways for regular enterprises, too. Tara Seals,Managing Editor, News,Dark Reading March 12, 2026 SOURCE: DARK READING In the latest installment of our monthly "Reporters' Notebook" video series, Dark Reading's Tara Seals, TechTarget Search Security's Sharon Shea, and Cybersecurity Dive's Dave Jones discuss cybersecurity concerns around the just-concluded Winter Olympics in Milan-Cortina (and the upcoming 2026 FIFA World Cup), with an eye to what these global sports events can teach everyday businesses about incident-response preparation.  Large-scale global events like the Olympics and the World Cup are not just spectacles of athleticism and entertainment — they're also prime targets for cyberattacks. These events involve complex networks of third-party vendors, sponsors, and service providers, creating a vast attack surface that mirrors the challenges faced by everyday businesses, just on a grander scale. Both global events and regular businesses face the same types of threats: ransomware, phishing, malware, data exfiltration, critical infrastructure disruption, and distributed denial-of-service (DDoS) attacks. And for organizations of all sizes, the cybersecurity strategies employed during these high-profile events offer valuable lessons in incident response, risk management, and resilience. Related:Cyberattackers Don't Care About Good Causes For instance, take the importance of preparation and proactive planning: The Italian government confirmed that it thwarted unspecified attacks on the Winter Games leading up to its start. Event organizers have been conducting simulations, tabletop exercises, and red team/blue team drills to test their incident-response plans, and it paid off. Enterprises should also regularly evaluate their own cybersecurity readiness, develop well-vetted playbooks, and ensure that response teams are trained to act under pressure. Maintaining clear and consistent communication during crises is essential for preserving trust and minimizing operational disruptions. Another critical lesson is the need to secure third-party ecosystems. Large events rely on a network of partners, suppliers, and service providers, and a single weak link can compromise the entire operation. Similarly, businesses must continuously monitor their vendors and supply chains to ensure a secure ecosystem. By adopting layered defenses, fostering strong alliances, and learning from the challenges faced by global events, organizations can strengthen their cybersecurity posture and better prepare for the evolving threat landscape. Learn more in the video, and also check out our "Reporters' Notebook" full series, available here, which is designed to bring together insights and coverage from across Informa TechTarget's network of cybersecurity sister sites. Related:EU Auto Rules Shift Gears on Cybersecurity Standards Tara Seals, Sharon Shea & Dave Jones: Full Video Transcript This transcript has been edited for clarity and length by Informa TechTarget's internal AI assistant. For the full experience, please watch the video. Dark Reading's Tara Seals: Hello, everybody. Thank you for joining us for the latest installment of Reporters’ Notebook, featuring editors and reporters from Cybersecurity Dive, Tech Target Search Security, and Dark Reading. I'm Tara Seals, managing editor for news at Dark Reading. I am joined here by: TechTarget Search Security's Sharon Shea: I'm Sharon Shea, executive editor at TechTarget Search Security. Cybersecurity Dive's David Jones: David Jones, reporter at Cybersecurity Dive. DR's Tara Seals: Great, thanks for joining. The Winter Olympics just concluded in Milan and Cortina, and now we're looking ahead to the World Cup this summer in North America. These high-profile events draw billions of viewers worldwide, lots of visitors, and involve many moving parts to make them happen. That makes them an attractive target for cyberattacks, and there's a history of attacks on these events over the years.  In Milan for instance this time, the Italian government said they thwarted some attacks, though they didn’t detail them publicly.  Related:PCI Council Says Threats to Payments Systems Are Speeding Up While it might seem like these events have little in common with everyday businesses, I think there are valuable incident response lessons to be learned. Dave, I know you've done a lot of reporting on some of the risks around these big events. That might be a good place to start. CD's David Jones: Thanks, Tara. There are a couple of issues at play here, given the current global climate, including the conflict in Iran and challenges with key adversaries overseas. Events like these require careful consideration of the venue and coordination with allies to prepare and respond to potential incidents. These events involve a wide range of potential disruptions, from physical security to digital security. You want attendees, including diplomats, celebrities, and political leaders, to feel safe and welcome without turning the event into a stifling police operation. One major attraction for attackers is the ability to make a broad statement to millions of people through disruptions, such as interrupting broadcasts or delaying live coverage. We've seen attempts at this during previous Olympic Games. Ensuring these events proceed without visible disruptions is a significant undertaking. DR's Tara Seals: The Pyeongchang 2018 Winter Olympics is a prime example of disruption. The Olympic Destroyer malware caused issues during the Opening Ceremony, including taking down Wi-Fi networks, ticketing systems, and contributing to flickering broadcast infrastructure. While the attackers didn’t achieve their full intent, the incident highlighted the importance of planning and incident response. Similarly, during the London Olympics, the UK thwarted an attack on the power grid. While nothing happened publicly, behind the scenes it was a frenzied incident-response situation. These examples show how common these challenges are for large-scale events. Dave, in your reporting on World Cup threats, what are some commonalities between these events and everyday businesses? CD's David Jones: Major businesses often sponsor global events, send senior executives to attend, or have critical proprietary or customer data at risk during these events. These executives, who have access to sensitive data, may be targeted personally, whether through tracking, compromised devices, or identity theft. Attackers could use stolen identities to send messages in their names, potentially gaining access to the company’s systems. Protecting these individuals and preserving the company’s reputation is crucial. This isn’t just relevant for sporting events but also for large company meetings, business conferences, and multinational events. Companies need to ensure their security measures are robust to protect their people, data, and brand image. DR's Tara Seals: Absolutely. If you distill the threats seen at events like the Olympics, World Cups, and other big events like the Super Bowl, they’re the same as those faced by everyday businesses — just on a larger scale. Phishing, DDoS, hacktivism, infrastructure disruption, malware, data exfiltration, spyware implantation, and more. These global events provide a unique opportunity to see how incident response should be architected. The threats are the same, but the scale is larger. Sharon, can you talk about some incident response best practices we can learn from these events? TTSS's Sharon Shea: Absolutely, Tara. These events act as real-world stress tests for incident response. While we may not know everything that happens behind the scenes, it’s clear they involve well-oiled machines monitoring, detecting, containing, and recovering from attacks. On Search Security, we've published extensive content on layered defense, cyber resilience, and incident response. Preparation is key. Organizations need a well-vetted, regularly tested, and updated incident-response plan to mitigate financial, operational, and reputational damage. First, create an incident-response plan outlining high-level priorities. Incident response is a team effort, involving responders, forensic analysts, security analysts, PR, legal, and external law enforcement, as needed. You also need playbooks with actionable steps to respond to specific threats like DDoS, ransomware, and credential harvesting. And, of course, practice is essential: test playbooks through simulations, tabletop exercises, and red/blue team drills to see how the team reacts under pressure. Practice, practice, practice. You need to test those playbooks, conduct simulations, tabletop exercises, red team, blue team drills. It's crucial to see how the team reacts under pressure. The first time an incident happens should not be the first time your incident-response team sees the incident-response plan or playbook. CD's David Jones: Unless you're Allen Iverson, who never liked to practice, but that's another story. TTSS's Sharon Shea: I also wanted to touch on something Dave said earlier. These big world events highlight a reality we're seeing in organizations today: the third-party ecosystem. DR's Tara Seals: Right. TTSS's Sharon Shea: Events like the Olympics involve ticketing agencies, streaming services, vendors, sponsors — a massive network with a huge attack surface. One weak link in the chain can lead to significant consequences. This mirrors organizations working with partners, suppliers, service providers, and other third parties. Vetting who you work with and continuously monitoring vendors is essential for maintaining a secure partner and supply chain ecosystem. DR's Tara Seals: Absolutely. TTSS's Sharon Shea: Another critical point is communication. When the world is watching, how quickly and effectively you communicate during an incident matters as much as how quickly you remediate the issue. Internal and external communications are key. DR's Tara Seals: Agreed. TTSS's Sharon Shea: You need a crisis or incident-response management communication plan. You want your employees, partners, the media, customers, regulators to have consistent, clear, accurate, and rapid messaging. That helps maintain trust, minimize chaos, and ensure coordinated incident response can happen. Fixing the issue is important, but so is ensuring the communication is handled effectively.  DR's Tara Seals: Events like the Olympics, World Cup, or Super Bowl are meticulously planned over years, with incident-response plans tested and refined constantly. Yet, even they face challenges from attackers exploiting cracks in the armor. CD's David Jones: This underscores the importance of alliances and coordination between partners. Managing security — both physical and digital — for such events requires strong relationships across jurisdictions and countries. TTSS's Sharon Shea: Don't be the weakest link. CD's David Jones: For example, CISA, the State Department, other agencies participated in preparing for the Olympics, and you need to know the role of your particular agency or your diplomatic corps or your security team in the plan, in the event of an attack if the lights go out, if the ticketing stops working. Everybody's going to have to spring into action at some level of coordination. DR's Tara Seals: Absolutely. All right, guys. Well, I think we can leave it there. I really appreciate your time. And for our viewers, once again, I'm Tara Seals with Dark Reading. I have been joined by Sharon Shea from TechTarget Search Security and Dave Jones at Cybersecurity Dive. Thank you for watching. Read more about: CISO Corner About the Author Tara Seals Managing Editor, News, Dark Reading Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast. More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report The ROI of AI in Security Cybersecurity Forecast 2026 ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBER RISK Venezuelan Oil Company Downplays Alleged US Cyberattack by Jai Vijayan, Contributing Writer DEC 16, 2025 CYBER RISK Dark Reading Confidential: Battle Space: Cyber Pros Land on the Front Lines of Protecting US Critical Infrastructure by Dark Reading Staff SEP 23, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 CYBER RISK Tariffs May Prompt Increase in Global Cyberattacks by Robert Lemos, Contributing Writer APR 09, 2025 Edge Picks APPLICATION SECURITY AI Agents in Browsers Light on Cybersecurity, Bypass Controls CYBER RISK Browser Extensions Pose Heightened, but Manageable, Security Risks CYBERSECURITY OPERATIONS Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds ENDPOINT SECURITY Extension Poisoning Campaign Highlights Gaps in Browser Security Latest Articles in The Edge THREAT INTELLIGENCE Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026 MAR 16, 2026 THREAT INTELLIGENCE The Data Gap: Why Nonprofit Cyber Incidents Go Underreported MAR 13, 2026 CYBER RISK Cyberattackers Don't Care About Good Causes MAR 13, 2026 CYBER RISK A Guy Who Wrote the Code Died in 2005. I Still Have to Secure It MAR 11, 2026 Read More The Edge Want more Dark Reading stories in your Google search results?