Nigerian organisations face 3,759 cyberattacks weekly, report finds

• Nigerian organisations face 3,759 cyber attacks weekly
• The financial sector is the hardest hit, followed by government and educational institutions
• The report stressed the need for sustained investment in cybersecurity

The 2024 African Perspectives on Cyber Security Report by Check Point Software Technologies has revealed that Nigerian organisations experience an average of 3,759 cyber attacks weekly.

The report noted that the figure is double the global weekly average of 1,876, highlighting Nigeria’s cyber vulnerability.

It noted that ransomware emerged as the dominant cyber threat in Nigeria, targeting both public and private entities by exploiting zero-day vulnerabilities.

Other threats include botnets, information stealers and banking malware, which have become increasingly sophisticated in targeting financial data and network infrastructure.

The report read, “Nigeria continues to face one of the highest frequencies of cyber-attacks in Africa, with organisations being attacked on average 3,759 times per week. This alarming statistic highlights the urgent need for robust cybersecurity measures to protect critical sectors, especially finance, government, and healthcare. 

“In 2024, ransomware has become the most significant cyber threat in Nigeria, with attacks exploiting zero-day vulnerabilities and causing widespread damage to both public and private entities. Additionally, botnets, information stealers and banking malware remain persistent threats, with attackers increasingly targeting network infrastructure and financial data.”   

Financial sector recorded the highest number of incidents

The financial sector recorded the highest level of cyber attacks, with an average of 4,718 incidents weekly.

The report noted that the frequency of attacks is due to weak multi-factor authentication systems and outdated banking infrastructure.

It highlighted a case study where a phishing attack compromised over 10,000 accounts in a leading Nigerian bank in March 2024.

The report said the attackers used the Emotet Trojan to infiltrate financial systems, which resulted in a $3 million loss and a decline in the bank’s stock value.

It said, “The Banking Trojan allowed the attackers to gain unauthorised access to critical financial systems, leading to the theft of millions of naira from customer accounts.

“The bank’s internal investigation revealed that over 10,000 customer accounts were compromised, and the total financial loss was estimated at approximately three million USD. The attack caused significant reputational damage to the bank, leading to a loss of customer trust and a sharp decline in stock prices.” 

Attackers targeted government and education sectors, too

According to the report, government institutions face an average of 1,791 cyber attacks weekly, with ransomware and botnets posing the highest threats.

Such exploited vulnerabilities as remote code execution and information disclosure have made the sector susceptible to attacks.

The education sector also faces 1,682 attacks weekly, which are primarily done through phishing schemes and malware infections.

Attacks on educational institutions are due to the lack of cybersecurity training for staff and students, which exposes their vulnerabilities and makes academic institutions easy targets for hackers.

Building defence against cyber attacks

The report also noted that Nigeria’s growing reliance on digital platforms has made it a prime target of the 90 per cent year-on-year increase in ransomware attacks in Africa.

It stated that threat actors are leveraging advanced technologies like generative AI to enhance the precision of phishing campaigns and malware development and called for urgent reforms in financial systems, including the adoption of advanced authentication protocols and regular security audits.

The Central Bank of Nigeria (CBN) focused on this approach when it introduced a 0.5 per cent cybersecurity levy in May 2024 to fund improved defenses. However, the Nigerian public resisted the measure, which has been reinstated and reduced to 0.005 per cent on all electronic transactions under its new 2024-2025 fiscal year guidelines.

The report stressed the importance of sustained investment in cybersecurity infrastructure and recommended implementing stronger encryption protocols, adopting advanced threat detection technologies and conducting ongoing cybersecurity awareness campaigns.

Nigeria ranks in tier 3 on 2024 Global Cybersecurity Index

Meanwhile, TheRadar reported that Nigeria was ranked among Tier 3 countries in a recently released 2024 Global Cybersecurity Index (GCI) by the International Telecommunication Union (ITU).

The GCI evaluated 194 nations, categorising them across five tiers based on their commitment to cybersecurity across five pillars: legal, technical, organisational, capacity-building and cooperation.