Matt Berzinski, EMEA Field CTO at Ping Identity explains why identity and verifiable credentials are now the frontline of security, turning traditional perimeter defences into a gold medal-winning strategy.
Major sporting events, like the 2026 Winter Olympics, have long been a gold medal target for cyber-attackers.
These aren’t just tournaments; they are temporary digital cities.
Thousands of spectators, athletes, and staff converge in high-traffic, high-trust environments, creating a massive, decentralised attack surface where every digital interaction – from mobile ticketing to athlete health data – is a potential entry point.
The scale of the threat is already clear. Even before this year’s opening ceremony, Italy disrupted a Russian attempt targeting hotel and government systems.
From the 2018 ‘Olympic Destroyer’ malware to modern credential stuffing, the battle is fought just as fiercely online as it is on the ice.
The common denominator in these attacks is identity.
Whether it’s an attacker spoofing a staff badge or a bot hijacking a fan’s ticket account, the risk almost always starts with a compromised credential.
As identity fraud becomes more industrialised, organisers must realise that identity is the new perimeter.
To keep events running smoothly, the strategy must shift from defending static infrastructure to orchestrating verifiable digital identity.
A common misconception is that cybersecurity at major sporting events is mainly about keeping infrastructure online – preventing outages, defending against large-scale attacks and maintaining system resilience.
While uptime remains vital, some of the most damaging attacks today target trust, not technology.
Today’s threat actors focus on the human layer.
They leverage AI-assisted social engineering and synthetic identities to impersonate fans and staff, bypassing legacy network security to commit payment fraud or data theft.
Global tournaments amplify these risks.
Surges in traffic across streaming services, betting platforms, fantasy sports apps and social networks provide cover for credential theft.
Alongside this, high volumes of registrations, logins and password resets during peak periods make abnormal behaviour harder to spot while suspicious logins, unusual geolocations or new devices appear normal, especially as fans travel internationally and connect via shared networks.
As such, security teams can quickly become overwhelmed, giving attackers a window to act undetected.
Once inside accounts, threat actors can change login details, add payment methods or exploit resale channels.
Because these actions often follow a legitimate login, they blend with normal activity, locking out real users and multiplying the impact.
To stay ahead of sophisticated identity risks, major events are moving away from the ‘password-and-perimeter’ model.
Verifiable credentials and decentralised identity provide the only practical way to confirm identities at scale while maintaining a frictionless UX.
Using decentralised identity systems, organisers can issue credentials that prove eligibility or access rights while individuals keep control over their personal data.
These credentials, securely stored in personal digital wallets, allow users to be instantly verified without exposing unnecessary information.
Working both online and in person, these credentials prevent ticket fraud, employee impersonation and even unauthorised physical access to specific areas.
Verifiable credentials also act as a defence during traffic surges.
When millions of users register, log in or purchase at the same time, unverified accounts can be flagged automatically, preventing bots or fraudulent actors from infiltrating systems.
Abnormal behaviour is highlighted in real time.
By embedding identity security into every touchpoint – from ticket purchase to stadium entry – organisers shift from reactive detection to preventative orchestration.
This is the essence of an identity-defined zero trust strategy: Treating every login, transaction and access request as untrusted until proven otherwise, based on real-time context and verifiable data.
Applying strong, decentralised identity verification allows event organisers to provide safe, seamless access for all, even under the glare of global attention.
For upcoming milestones like the FIFA World Cup, this approach is no longer an add on – it is the foundation of digital integrity.
In the modern arena, verifiable credentials ensure the world’s focus remains exactly where it belongs: On the competition, not the compromise.
