Nigerian Businesses Urged to Prioritise Staff Training As Phishing Threats Escalate
Funmilayo Ogunare
As cybercriminals deploy increasingly sophisticated phishing tactics across Nigeria, an expert has warned that technology alone is no longer sufficient to protect organisations.
A Security Operations Analyst and Vulnerability Manager, Ruth Itua, stressed that the human factor remains both the weakest link and the strongest defence in cybersecurity.
She explained that phishing threats in Nigeria are growing at a pace many organisations are struggling to match, with human error still accounting for a significant number of successful attacks.
According to her, building a culture of continuous staff training and awareness can help organisations turn employees from potential liabilities into proactive defenders.
“In Nigeria’s evolving cyber-threat landscape, human error remains one of the most exploited weaknesses. But it does not have to be,” she noted, adding that well-trained employees are often able to detect subtle warning signs that automated tools may miss.
Itua explained that a strong, human-centred phishing defence programme relies on early detection and swift reporting, supported by a workplace culture where employees feel safe flagging suspicious messages without fear of blame or retribution.
She listed what effective phishing awareness training should look like for Nigerian organisations, stressing that such programmes must be regular, realistic and engaging.
One key approach, she said, is the use of simulated phishing campaigns that mirror real-world attacks, including fake financial requests, chat-based scams and QR-code prompts.
These simulations help reinforce learning and reveal which teams may be more vulnerable.
She also advocated micro-learning modules (short, focused training sessions delivered frequently) rather than lengthy annual seminars.
These, she said, can be used to educate staff on emerging threats such as multi-factor authentication spoofing or phishing through collaboration platforms like Microsoft Teams and Slack.
In addition, Itua said scenario-based workshops using real Nigerian business cases are crucial, adding that such sessions walk employees through realistic situations, such as urgent payment requests from seemingly familiar senders, and help them identify red flags and appropriate responses.
The security operations analyst further emphasised the need for cross-channel awareness, noting that phishing is no longer confined to email.
“Employees must be trained to question suspicious messages on WhatsApp, Telegram and SMS, especially those that appear urgent or request credentials,” she said.
Leadership involvement, she added, is equally important. When executives and senior managers actively participate in training, it sends a clear message that cybersecurity is a business priority, not merely a technical concern.
Beyond security, Itua highlighted the business case for investing in staff training, describing the return on investment as compelling.
Effective training, she said, reduces incident rates, saves money by preventing costly breaches and downtime, builds trust with customers and partners, and supports regulatory compliance as data protection laws tighten.
Itua argued that Nigerian organisations must shift their mindset from relying solely on tools to empowering people.
“The companies that will win this battle are not those with the most expensive technology, but those with informed, alert and empowered employees,” she said.







