• Thursday, 20th March, 2025

Cybersecurity in Nigeria and Beyond: Major Incidents and What Lies Ahead

Life & Style | 1 month ago

Anthony Fakiyesi

The year 2024 was a defining period for cybersecurity, marked by escalating cyber threats, regulatory changes, and the increasing integration of artificial intelligence (AI) in both attack and defense mechanisms.

Globally, organisations faced more sophisticated cyber-attacks, while in Nigeria, a surge in cyber fraud, ransomware attacks, and data breaches underscored the urgent need for enhanced security strategies. As we step into 2025, businesses and governments must brace for evolving threats while leveraging AI-driven cybersecurity solutions.

According to IBM’s 2024 Cost of a Data Breach Report, the global average cost of a data breach reached $4.67 million, a 5% increase from the previous year. Additionally, ransomware attacks accounted for 27% of all cyber incidents, with the financial and healthcare sectors being primary targets. The rise of AI-generated phishing attacks and supply chain vulnerabilities contributed to the growing complexity of cyber risks. A report by Cybersecurity Ventures projected that global cybercrime damages exceeded $10.5 trillion in 2024, driven by increasing nation-state attacks, insider threats, and deepfake-enabled fraud. The use of zero-day exploits also surged, as attackers leveraged vulnerabilities before patches could be implemented.

In North America, one of the notable incidents involved an espionage group known as “Salt Typhoon,” believed to be originated from China infiltrated major telecommunications providers in the US, including Verizon and AT&T. This breach allowed unauthorised access to the private communications of numerous Americans, highlighting the susceptibility of critical infrastructure to sophisticated cyber espionage campaigns.

Europe faced its share of cyber challenges, with the United Kingdom’s National Health Service (NHS) experiencing significant incidents. In June 2024, a ransomware attacks targeted Synnovis, a pathology services provider, compromising patient and clinician confidential data and disrupting NHS services. Later in November, the Wirral University Teaching Hospital NHS Foundation Trust declared a “major incident” due to a cyberattack, leading to the cancellation of outpatient appointments and delays in emergency care.

In Asia, the healthcare sector was notably impacted. In May 2024, Ascension Health System, a non-profit organisation operating across multiple states, suffered a ransomware attack that disrupted clinical operations.

The breach began when an employee inadvertently downloaded malware, leading to the diversion of emergency care from some hospitals and highlighting the vulnerabilities within healthcare IT systems. In addition, In June 2024, Indonesia’s Temporary National Data Center was paralysed by a ransomware attack, impacting 282 public services, including immigration, tax, and government portals. The attack, carried out by an unidentified cybercriminal group, led to widespread disruption and national panic. While authorities eventually obtained a decryption key, significant data loss had already occurred, making it one of the most damaging cyber incidents in the region.

According to Checkpoint, Africa experienced a substantial increase in cyber threats, with organizations facing an average of 3,370 attacks per week—a 90% rise from the previous year.

This surge affected various sectors, including telecommunications and financial services, emphasising the need for enhanced cybersecurity frameworks across the continent.

The financial sector was a primary target in South America. A significant incident involved a ransomware attack on a major Brazilian financial institution, leading to substantial data breaches and financial losses. This event highlighted the increasing sophistication of cybercriminals targeting the region’s financial infrastructure.

Even the remote continent of Antarctica faced cybersecurity challenges. In 2024, research stations reported attempted cyber intrusions aimed at accessing sensitive climate data. While these attempts were thwarted, they underscored that no region is beyond the reach of cyber threats.

As Africa’s largest digital economy, Nigeria has seen rapid technological adoption, but this progress has also made it a prime target for cybercriminals. In 2024, the country faced a surge in cyber fraud and cyberattacks that exposed vulnerabilities in its digital infrastructure and financial systems.

Reports from the Nigeria Inter-Bank Settlement System (NIBSS) indicated a 45% rise in financial fraud cases, leading to estimated losses of over ₦150 billion ($180 million). The National Information Technology Development Agency (NITDA) also recorded an increase in data breaches affecting private corporations and public institutions. In December 2024, the National Bureau of Statistics (NBS) suffered a cyberattack that defaced its website, raising concerns about the security of government digital platforms. In April 2024, fintech giant Flutterwave experienced a security breach resulting in unauthorised transfers of approximately ₦11 billion ($7 million), exposing vulnerabilities in Nigeria’s fintech sector. Sterling Bank Plc was also targeted in a cyberattack, leading to financial losses exceeding ₦1.2 billion and the apprehension of five individuals.

Cyber fraud extended beyond financial institutions, with Meta, the parent company of Facebook and Instagram, announcing the removal of 63,000 Instagram accounts linked to sextortion schemes originating from Nigeria. These scams primarily targeted victims in the United States, coercing them into sharing explicit content before blackmailing them.

To combat cybersecurity incidents in Nigeria, a comprehensive approach is essential. First, Nigeria must strengthen its cybersecurity legislation, updating the Cybercrimes Act to address emerging threats like AI-driven attacks and ransomware. Establishing stricter regulations for data protection and critical sectors will create a robust legal framework.

Enhancing National Cybersecurity Infrastructure is equally important. A dedicated National Cybersecurity Command Center (NCCC) should coordinate threat detection and incident response across government and private sectors, ensuring real-time monitoring and quick intervention during cyber incidents.

Building cybersecurity capacity through education and workforce development is vital. Professional training and certifications can help upskill IT personnel. Promoting ethical hacking and cybersecurity competitions will also foster local talent. Collaboration between the government and private sector is key. Financial institutions, telecoms, and fintech firms should work closely with law enforcement to share threat intelligence and strengthen security protocols.

Public awareness campaigns can educate citizens on safe online practices, reducing vulnerabilities caused by human error. Investing in advanced technologies, such as AI-driven threat detection, multi-factor authentication, and blockchain, will enhance Nigeria’s defense mechanisms.

Organisations should also have cyber incident response plans in place, with regular drills to ensure readiness.

On a global scale, Nigeria should engage in international collaborations with organisations like INTERPOL and ECOWAS to share intelligence and combat cross-border cybercrimes. Equipping law enforcement with advanced forensic tools will improve the investigation and prosecution of cybercriminals.

Finally, strict enforcement of the Nigeria Data Protection Regulation (NDPR) will ensure that organisations safeguard sensitive data through encryption, secure storage, and regular audits. By combining strong governance, technology, and public cooperation, Nigeria can build a resilient cybersecurity framework for the future.

As Nigeria continues its digital transformation, cybersecurity must be seen as a priority, not an afterthought. The lessons from 2024 should serve as a wake-up call for organizations, government agencies, and individuals to take cybersecurity more seriously in 2025 and beyond.

Fakiyesi – a Cybersecurity Researcher and Technology Expert wrote from the United Kingdom.

Related Articles

Founded on January 22, 1995, THISDAY is published by THISDAY NEWSPAPERS LTD., 35 Creek Road Apapa, Lagos, Nigeria with offices in 36 states of Nigeria , the Federal Capital Territory and around the world. It is Nigeria’s most authoritative news media available on all platforms for the political, business, professional and diplomatic elite and broader middle classes while serving as the meeting point of new ideas, culture and technology for the aspirationals and millennials. The newspaper is a public trust dedicated to the pursuit of truth and reason covering a range of issues from breaking news to politics, business, the markets, the arts, sports and community to the crossroads of people and society.

Helpful Links

Contact Us

You can email us at: hello@thisdaylive.com or visit our contact us page.