One year until kick-off: securing the 2026 Football World Championships

This time next year, the eyes of the world will be fixed on the Football World Championships; excitement is already building with the event, which is taking place across the U.S., Canada and Mexico, promising an unrivalled experience over its 39 days.

However, with the increased size and scale of next year’s tournament come complex cybersecurity challenges to be addressed for everyone involved. Drawing on his experience in helping to defend Internet performance and availability over the past 20+ years, including multiple major sporting events*, Darren Anstee, CTO for security at NETSCOUT, talks to some of the risks facing the tournament organisers, sponsors, media organisations and critical infrastructure providers, as well as how these risks have changed and the best practices for their management.

“One of the key cyber threats facing anyone associated with the delivery of high-profile events are distributed denial-of-service (DDoS) attacks. These attacks are a popular weapon as they are easy to generate, hard to trace back to a perpetrator, and can disrupt events at multiple levels, from media coverage and merchandise sales, right the way through to physical infrastructure.

“Unfortunately, over the past few years we’ve seen a huge rise in the number and sophistication of hacktivist groups out there leveraging DDoS. These groups are often primarily geopolitically motivated, and are well-resourced with access to sophisticated attacks tools. Major sporting events are seen as a valid target by these groups – thus, understanding their capabilities and how they have evolved is essential for successful defence.

“From the 2012 London Summer Games** to last year’s EURO 2024 in Germany***, threat actors routinely target global sporting events with DDoS attacks. The scale and visibility of next year’s Football World Championships, coupled with ongoing geopolitical tensions, makes it a marquee target for cybercriminals, with the tournament’s geographically distributed footprint offering cybercriminals a large threat surface to go after.

“Even with the tournament still nearly a year away, we should expect threat actors to start probing the defences of organisers, sponsors and critical infrastructure providers – especially Internet service providers (ISPs) – to map their capabilities. If previous experiences are anything to go by, we ought to anticipate waves of attacks every few months in the lead up to the competition, as attackers undertake reconnaissance, and test their own tools and capabilities.

“To evade potential disruptions, preparation is key. Understanding the current threat landscape and ensuring defensive capability is consistent across the supply chain is essential to success. This isn’t just about technology; it’s also about threat intelligence and having the right operational resources and processes in place.

“With the Football World Championships kicking off on 11^th June 2026, organisers, sponsors and critical infrastructure providers have just under a year to ensure they’re ready to welcome the world – threat actors and all.”

* https://www.netscout.com/resources/case-studies/2024-summer-games-frances-largest-isps-ensuring-service-availability-netscout-arbor-edge-defense

** https://www.computerweekly.com/news/2240168945/Cyber-attacks-launched-at-London-2012-Olympic-Games-every-day

*** https://www.reuters.com/sports/soccer/hackers-hit-poland-euro-2024-match-broadcast-second-attack-2024-06-21/