Cyberattackers are targeting the Milan-Cortina Winter Games and other global sporting events to exploit their expanded digital attack surfaces [1].

These targeted attacks demonstrate the vulnerability of high-profile international events, providing a blueprint for how regular enterprises can improve their own incident response planning [1].

The threats have remained ongoing, with specific activity noted during the World Cup skiing events in February [1, 2]. Security analysts said these events create unique risks because they combine massive crowds with temporary, rapidly deployed digital infrastructure. This environment often leaves gaps that attackers can exploit to disrupt operations or steal data [1].

For businesses, the takeaways from these sporting events center on the necessity of a robust incident response plan. Experts said that organizations must prepare for the reality of a breach rather than focusing solely on prevention [1]. This includes establishing clear communication channels, and predefined roles for when a system is compromised.

Analysts said the scale of the Milan-Cortina Games underscores how a localized event can create a global risk profile [1]. When infrastructure is shared across multiple venues and partners, a single point of failure can lead to widespread disruption. Companies are encouraged to map their dependencies and identify third-party vulnerabilities before a crisis occurs [1].

Effective response plans require regular testing and simulation. The challenges faced by organizers during the World Cup and the Winter Games serve as a real-world case study in managing high-pressure security failures [1, 2]. By studying these patterns, enterprises can build more resilient systems that withstand similar pressures [1].

Cyberattackers are targeting the Milan-Cortina Winter Games and other global sporting events.

The targeting of the Milan-Cortina Games illustrates a shift where attackers use the prestige and complexity of global events as testing grounds for disruptive tactics. For the private sector, this signals that the 'attack surface' is no longer just a company's internal network, but every third-party vendor and temporary connection involved in a project.