Later this month, soccer will descend on airports across the United States, Mexico, and Canada. Every four years, the World Cup brings about two million foreign visitors to watch the games. While the focus will be on the soccer games and the celebrities in town for the games, we don’t think enough about the impact on airports.
All the planning and preparation that airports make to stay running will all be under the limelight as all eyes will be on the host countries. Some airports are set to see half a year’s worth of travel in 45 days. This increase in passenger volume doesn’t change the fact that airport teams will be expected to maintain safe and efficient operations while working under greater pressure than normal. That level of activity increases the importance of every system that supports airport operations.
Flight information displays, baggage handling systems, access control platforms, parking and revenue systems, public websites, mobile applications, vendor connections, and help desk processes will all become part of the broader readiness picture. A disruption that may be manageable during normal operations could have a much larger impact during the World Cup. Cybersecurity must be part of World Cup readiness now.
Airports Are Already Complex
Managing an operation as complicated as an airport needs to be approached more like managing a city. Airports support transportation, communications, emergency response, and much more. For this reason, the technology that keeps things going behind the scenes is very much at risk. No one bats an eye when systems are working. When they fail, however, the impact is felt quickly. A baggage disruption can affect airline operations. A display system outage can create confusion for passengers. The air conditioning going out can create problems for the tech and for all the travelers traveling.
During the World Cup, these disruptions carry greater consequences. Airports will be operating under increased public attention, higher passenger demand, and less tolerance for problems. A technical issue that may normally stay local can become a public communications challenge within minutes. This is why airport cybersecurity cannot be viewed as only an information technology issue. It is an operational resilience issue.
Global Events Change the Threat Environment
Bad actors try to exploit a need with cyberattacks. The World Cup creates a larger stage for cyber criminals, hacktivists, and other threat actors. The opportunity to disrupt operations, embarrass public institutions, and create confusion during the event is a great chance for hacker organization to incite fear. For this reason, airports should expect increased risk and should plan accordingly. Ransomware remains especially concerning because it can directly affect operational continuity. If a critical system becomes unavailable, the airport may be forced to shift to manual procedures at the worst possible time or even worse, pay the ransom. With threats from social engineering, ransomware, vendor risks, and new risks stemming from AI, attackers do not need to shut down an entire airport to create disruption. They only need to affect the right system at the wrong time.
Focus on What Could Disrupt Operations First
With a few weeks remaining, teams need to focus on the most critical systems that matter most to the airport. This includes passenger facing systems, operational technology, identity platforms, remote access, public websites, communication tools, vendor supported systems, and revenue platforms. If they were to be compromised, an airport would need to focus on identifying the systems that would affect passenger movement, airport operations, safety, security, or public communications.
Those systems should receive the most attention over the next few weeks leading up to the games, with clear ownership, confirmed support arrangements, and documented fallback procedures where available. The answers should guide the next two weeks of activity. Again, any system tied to passenger movement, public communication, safety, security, or airport revenue should receive priority attention.
Review Access Before the Surge
Major events often lead to expanded access. Vendors may need additional support windows and contractors might be brought in. While there may be shorter timeframes for establishing and validating new access, all access requests need to be reviewed carefully.
Airports should quickly validate who has access to critical systems, which accounts have administrative privileges, which vendors have remote access, and whether any temporary access is still active from prior projects. Accounts that are no longer needed should be removed. Shared accounts should be reviewed. Vendor access should be limited to what is required and monitored more closely during the event period.
This does not require a full identity transformation. It requires discipline. Unnecessary access creates unnecessary risk, especially when operations are under pressure.
Confirm Vendor Contacts and Escalation Paths
Airports rely heavily on third parties. During the World Cup, a vendor issue can quickly become an airport issue. In the next two weeks, airports should confirm which vendors support critical airport functions and verify how those vendors can be reached during an incident. This includes vendors supporting baggage systems, access control, public websites, parking, flight information displays, building systems, managed services, cloud platforms, and remote support tools. This is not the time to discover that the only vendor contact is unavailable after hours.
Each critical vendor should have a confirmed escalation contact, after hours contact, support expectation, and incident notification path. Airports should also confirm which vendors have remote access and whether that access can be disabled quickly if needed.
A short vendor readiness review can prevent confusion during a high pressure incident.
Freeze Nonessential Changes
In the final two weeks before a major global event, change control becomes especially important. Airports should consider a temporary freeze on nonessential changes to critical systems. This does not mean stopping emergency patches or security fixes. It means avoiding unnecessary upgrades, configuration changes, new integrations, firewall rule changes, and access changes that could introduce instability during a sensitive period.
All changes should already follow a strict change management process. Only emergency chances should be conducted until after the World Cup and those should still follow the change advisory board processes, tested where possible, and tied to a clear rollback plan. Many incidents during high pressure periods are not caused by attackers. They are caused by rushed changes, unclear ownership, and poor communication. A disciplined change freeze helps reduce that risk. By freezing nonessential changes, airports are able to focus on incidents and can rule out internal workings of their own staff.
Test the Most Important Response Procedures
While there isn’t enough time to do a proper tabletop exercise, airport leaders should bring together IT, operations, communications, legal, public safety, executive leadership, vendor management, and customer service representatives for a short working session. The scenario does not need to be complicated. It should be realistic.
Walk through what happens if a vendor supported passenger system becomes unavailable during peak travel. Walk through what happens if there is a ransom request. Walk through what happens if a baggage system requires a manual workaround. The purpose is to answer practical questions such as who declares the incident and who has the authority to act. Assigning roles to different tasks and creating actionable guidance will be important for the team and can uncover gaps that are still fixable before the event begins.
Increase Monitoring Where It Matters
Airports should use these last few weeks to increase monitoring around the systems most likely to create operational impact. This includes remote access, privileged accounts, vendor connections, public facing services, endpoint alerts, authentication failures, unusual login patterns, and critical network segments. This way, we are able to identify all external access.
Security teams should also confirm who is watching alerts, when they are watching, how escalations occur, and what conditions require immediate action. Additionally, the airport should consider adding an incident response retainer so they can prioritize support in the event of an threat being realized. This includes considerations around additional incident response retainers before, during, and after the World Cup.
Prepare Communications Before They Are Needed
Communication is very important during a cyber attack. Any event can quickly become a PR nightmare and public confidence issues can escalate very quickly. Airports should prepare internal and external communication templates before an incident occurs. These do not need to be overly detailed, but they should help teams respond quickly and consistently.
Communications teams should know how to coordinate with IT, operations, executive leadership, legal, airlines, vendors, and public agencies. The airport should also decide in advance who can approve public messaging and how passenger updates will be delivered if technology systems are unavailable. Clear communication can reduce confusion, protect trust, and support operational recovery.
Readiness Matters More Than Perfection
The World Cup will place airports under intense operational and public pressure. At this point, the most valuable cybersecurity work is practical, focused, and tied directly to continuity. Airports should not spend the final two weeks trying to redesign their security programs. They should use the time to confirm what matters most, reduce unnecessary access, lock down risky changes, prepare their vendors, test response procedures, and improve monitoring where it counts.
The airports that perform best will not be the ones that solved every cybersecurity problem before the first match. They will be the ones that prepared their people, clarified their processes, and focused their technology on keeping operations moving. The world is arriving soon. Airport cyber readiness needs to be clear, practical, and immediate.
