Cybersecurity in Nigeria: from the most targeted business sector to the biggest threat vector




Justice Anyai

After two years of business-halting lockdowns, economic recovery remains a key focus in 2022. However, it’s something that can only happen in Nigeria’s increasingly digitally reliant society if businesses make  cybersecurity a priority. 

The magnitude of cybercrime affecting Nigeria’s businesses is alarming. The latest Check Point Research Threat Intelligence Report for Nigeria revealed that an organisation experienced an average of 2, 308 weekly attacks last year. This figure is higher still for one of the country’s most economically important, fastest growing sectors: finance and banking.



Segun Fatuase  had an online interview with Justice Anyai, Check Point Software Technologies Ltd. Country Manager for Nigeria. Check Point Software Technologies Ltd. (NASDAQ: CHKP) is a leading provider of cyber security solutions for enterprises and governments worldwide.

An overview of Nigeria’s cybersecurity landscape

In the latest Check Point Research Threat Intelligence Report for Nigeria, which benchmarks the country’s cybersecurity status against a global median, the magnitude of cybercrime is revealed.

Worldwide, the number of attacks experienced per business each week is 870 on average – alarmingly, in Nigeria, this weekly figure is 2, 308 across all industry sectors collectively. The more-granular per-industry analysis reveals this figure is higher still for businesses in the finance and banking sector.

Finance and banking under siege
Mobile banking is one of the fastest growing sectors in the country. In fact, between May 2019 and May 2020, mobile payments grew by an incredible 391%. Financial inclusion, largely enabled by smart mobile solutions, has done much to drive Nigeria’s economy. However, cybercriminals are taking notice of this increasing reliance on mobile devices, exploiting the rapidly expanding finance sector.

 Of all Nigerian businesses across sectors from health to education, the most targeted is finance and banking. “Over the last six months, the number of attacks against these institutions in Nigeria was 3, 682 per week, while globally, this figure is far lower at 774,” says Pankaj Bhula, Check Point Software Technology Regional Director for Africa. “To protect this booming industry, more must be done to drive awareness around cybersecurity.”

 The report also revealed that, over the past six months, 62% of Nigeria’s businesses fell victim to Remote Code Execution (RCE) attacks, making this the top class of vulnerability exploits. A cybercriminal can gain remote control to a device and the private data stored on it in an RCE attack. Considering the most targeted sector is finance, which holds a wealth of sensitive user data, the rise of RCE attacks is worrisome.

Social engineering and deepfakes: 2022’s challenges

Check Point Software Technologies forecast several alarming cyber-threat trends for 2022, including the weaponisation of deepfake technologies by cybercriminals to create fake news campaigns as part of elaborate phishing attacks, predominantly carried out over email. In fact, in Nigeria, email was recorded as the origin point for 60% of cyberattacks over the last month, according to the report. As it’s the prevailing vector for delivery of malicious files, awareness around social engineering attacks like these must be bolstered.

 On the topic of deepfake technologies, Remi Afon, president of the Cyber Security Experts Association of Nigeria, reiterated that it’s a huge area of concern in 2022. While the technology can be leveraged by criminals to scam and dupe victims, a more insidious purpose is using deepfakes to create political instability and scandal. For Afon, this technology and the resulting spread of misinformation could have far-reaching ramifications for Nigeria’s 2023 General Election.

Protecting Nigeria’s businesses from attacks

In November, 20% of businesses in Nigeria were impacted by an info stealer called Floxif. This malware, which was also responsible for the bulk of malware attacks in Kenya, caused large-scale devastation to even large tech companies in 2017 when it infected over 2 million users.

While big businesses may seem like more lucrative targets, the increasing prevalence of Floxif attacks on companies of all sizes shows that cybercriminals do not discriminate. Smaller companies must remain as vigilant as large enterprises.

To do this, it’s crucial that budgets are earmarked for effective IT security infrastructure that will enable a proactive rather than reactive approach to cybercrime. Proactive businesses are more resilient, have backups, and can protect sensitive data in stronger or more innovative ways. These companies also run the latest updates of their security software, web browsers, and operating systems to ensure any new vulnerabilities are patched to protect against attacks.

Of course, people are a large part of the cybersecurity equation. As such, businesses must equip staff with information on best practices for staying safe online when working in the office or remotely. Such information would promote vigilance around phishing emails and encourage the use of password managers and trusted Wi-Fi networks, while highlighting the dangers of accessing unsecured websites.

With the right security solutions in place, and a focus on cybersecurity awareness kept top of mind, businesses can prevent cyberattacks to keep Nigeria’s economy on track.


What are the implications of cyberattacks in Nigeria?

Across the African continent, Nigeria has one of the biggest and strongest FinTech startup environments. Moreover, mobile banking is one of the fastest growing sectors in the country: between May 2019 and May 2020, mobile payments grew by an incredible 391%.

Financial inclusion, largely enabled by smart mobile solutions, has done much to drive Nigeria’s economy. However, cybercriminals are taking notice of this increasing reliance on mobile devices, exploiting the rapidly expanding finance sector, which puts citizens and the economy at risk.

The magnitude of cybercrime is of great concern. Globally, while the average number of attacks experienced per business each week is 870, in Nigeria, it’s 2, 308 across all industry sectors collectively. The more-granular per-industry analysis reveals this figure is higher still for businesses in the finance and banking sector, which are important for bolstering Nigeria’s economy. Over the last six months, the number of attacks against finance institutions in Nigeria was 3 682 per week, while globally, this figure is far lower at 774.

What kind of effects can this have on organisations who have their company servers stored in the cyber space?

There’s no doubt that the cloud has the potential to be more secure than traditional on-premises solutions. The key word here is potential. Just because the cloud can be more secure, it doesn’t mean that businesses will always enjoy greater protection when they make the shift. This has less to do with the cloud and more to do with how businesses approach their security, management, and oversight.

In other words, it’s what you do with the cloud that matters. The infrastructure itself won’t insulate you from the dangers that exist in the cyber landscape. For this reason, Check Point Software Technologies created CloudGuard, providing a comprehensive cloud security solution.

What kind of intervention can Checkpoint suggest in order to tackle the issue of cyber-attacks in Nigeria?

For businesses, the following security tips should be implemented:

•       Earmark budget for an effective IT security infrastructure: This will enable a proactive rather than reactive approach to cybercrime. Proactive businesses are more resilient, have backups, and can protect sensitive data in stronger or more innovative ways. These companies also run the latest updates of their security software, web browsers, and operating systems to ensure any new vulnerabilities are patched to protect against attacks.

Adopt a zero-trust strategy: Across the industry, security professionals are moving to a zero-trust security mindset: no device, user, workflow, or system should be trusted by default, regardless of the location from which it operates, either inside or outside the security perimeter. Applying these principles allows a “Deny by Default” security posture to be adopted where systems are hardened and isolated until a level of trust is established bringing the highest level of protection to a system.

Protect mobile devices: Data mobility is one of the main points to consider when establishing a cybersecurity strategy. In the current paradigm, in which hybrid working has been adopted in most companies, there is a multi-device situation with many not having the appropriate security measures in place. These businesses are becoming the focus of many malicious campaigns by cybercriminals and so it is key to equip all devices with protective measures against any cyberattack. Check Point Harmony Mobile provides real-time threat intelligence and visibility into threats that could affect businesses, protecting them against any type of attack targeting mobile devices.

•       Drive education around cybersecurity: One of the main entry points for a cyberattack is through email. For this reason, it is paramount to train employees, so that they can identify and avoid possible attacks. A social engineering message encouraging the user to click on a malicious link is enough. Education is often considered one of the most important defenses that can be deployed; such education would promote vigilance around phishing emails and encourage the use of password managers and trusted Wi-Fi networks, while highlighting the dangers of accessing unsecured websites.