Report Shows Healthcare, Financial Services and Telecoms as Staging Grounds for Increased Cyberattacks in Africa

Cyber adversaries targeting African organisations are increasingly shifting away from opportunistic attacks toward deliberate, sector-specific campaigns aimed at the continent’s most critical digital infrastructures, according to the esentry 2025 Annual Report released by esentry, a Lagos-based Africa’s leading indigenous Managed Security Service Provider (MSSP).

The report identifies healthcare, financial services and telecommunications as the primary staging grounds for high-velocity cyberattacks, reflecting a growing focus on sectors that underpin economic stability, public welfare, and digital connectivity across Africa.

The findings are drawn from one of the largest cybersecurity datasets analysed in the region. Over the course of 2025, esentry processed more than 31 billion security events, generating 3.5 million alerts and successfully blocking over 15,000 malicious attempts. This monitoring scale shows that, while traditional financial institutions remain a core target, the threat landscape has expanded to include digital lending platforms, healthcare systems that store sensitive personal data, and telecom operators responsible for national and regional connectivity.

Within the healthcare sector, the report highlights ransomware as the most acute risk, with attackers frequently exploiting exposed Remote Desktop Protocol (RDP) services to compromise patient data and disrupt essential medical operations. In financial services, organisations are facing a surge in credential abuse, insider-related threats, and info-stealer malware designed to enable fraud and unauthorised access. Telecommunications providers are increasingly targeted by highly tailored phishing campaigns and attacks on exposed web services, which aim to harvest credentials and compromise customer data.

Commenting on the findings, Gbolabo Awelewa, Chief Business Officer at esentry, said the nature of cyber threats across Africa has evolved significantly. “The threats we are seeing today are deliberate, informed, and carefully tailored to local enterprises. Attackers are exploiting trusted access and moving quietly within networks, which makes early detection critical. Our coordinated cybersecurity model, spanning Defence, Intelligence, Offence, and Security Engineering, allows us to combine scale, speed, and deep contextual insight to detect and neutralise threats before they escalate,” Awelewa said.
A defining trend identified in the report is the shift from overt system exploitation to the abuse of legitimate access. By leveraging compromised credentials and ‘living-off-the-land’ techniques, attackers can blend into routine enterprise operations and significantly delay detection. This approach has compressed the attack lifecycle, enabling adversaries to move from initial access to full operational impact in fewer than 15 days.

To counter this acceleration, the report emphasises the importance of early detection and automated response. esentry says it currently contains low-complexity incidents in under 90 seconds, using a combination of structured threat hunting and centralised telemetry to anticipate and absorb attacker pressure rather than reacting after damage has occurred.
As African organisations continue to digitise, the esentry 2025 Annual Report positions itself as a critical reference point for understanding the continent’s evolving cyber threat environment. The report concludes that protecting Africa’s digital trust will require a shift away from fragmented security tools toward disciplined, coordinated defence frameworks, what esentry describes as a unified Phalanx formation.