Identity Becomes New Battleground as Cyberattacks on Nigerian Firms Hit Unprecedented Levels

• Nigeria has been hit with a record cyberattacks in the third quarter of this year, according to a recent report
• The report, which was released by essentry’s Eagle’s Eyes, shows unprecedented data breaches affecting organisations
• The report said cyberattacks in Nigeria jumped over 1,000$ relative to the previous quarter of this year

Pascal Oparada is a journalist with Legit.ng, covering technology, energy, stocks, investment, and the economy for over a decade.

Nigeria witnessed a dramatic escalation in cyberattacks in the third quarter of 2025.

A new report from esentry’s Eagle’s Eyes platform shows that data breaches affecting Nigerian organisations jumped by 1,047 percent compared to the previous quarter.

On average, the country recorded more than 6,100 cyberattacks every week in July, and this pace continued through the quarter.

The report describes this period as a defining moment in the scale and complexity of digital attacks, especially for sectors with high-value data such as fintech.

Read also

Yahoo boys in trouble: CBN gives Access, Zenith, other banks deadlines to refund fraud victims

Identity emerges as the weakest link

One of the most striking findings in the report is a shift in the way attackers gained entry into corporate networks.

Rather than relying on software vulnerabilities, intruders increasingly used valid credentials. Many of these were harvested from old data leaks or belonged to former employees whose access had never been revoked.

Digital forensics uncovered multiple cases where dormant service accounts, outdated identity tokens and forgotten login rights created easy entry points.

Once inside, attackers blended into normal user activity, established persistence and prepared for large data extractions without triggering immediate suspicion.

This approach represents a sharp break from the opportunistic hacks that dominated earlier years.

The report describes identity as the new doorway into Nigerian organisations, with attackers studying trust paths and internal permissions to move quietly through systems that appeared secure on the surface.

Growing sophistication and patience

The activity observed in Q3 paints a picture of adversaries who operate with methodical precision. Instead of rushing, they took time to understand internal controls, disguise their movements and expand their reach.

Read also

Jubilation as rescued Niger, Kebbi students get 2-year full scholarship

This made early detection harder and allowed intruders to stay inside networks for longer periods.

esentry’s Chief Business Officer, Gbolabo Awelewa, noted that the threat environment now reflects organised, identity-driven campaigns rather than random cybercrime.

He explained that the shift signals a new stage in Nigeria’s cybersecurity challenges and underlines the need for stronger oversight of identity systems.

Part of a global trend, but more intense in Nigeria

Identity-focused attacks are rising worldwide, but the report says Nigeria experienced the change with unusual force.

Rapid digitisation, gaps in access control and inconsistent off-boarding processes created conditions that attackers exploited. As core infrastructure strengthened, identity systems emerged as the least protected surface.

Intruders often relied on low-profile techniques that generated little noise, allowing them to operate unnoticed. These methods enabled long-term access and created a growing risk of large data losses.

What comes next

The report forecasts that identity-based intrusions will dominate Nigeria’s cyber landscape in the coming year.

Organisations are urged to re-examine their security frameworks, improve ongoing identity monitoring and adopt tools that can detect suspicious credential use before it causes disruption.

Read also

Revamping schools' security in high-risk states, by Lekan Olayiwola

It concludes that Nigeria’s cyber resilience will depend on how quickly institutions acknowledge identity as the new perimeter and adjust their defences to match the scale of the threat.

A prior report by Legit.ng disclosed that Nigerians banks are increasingly coming under attacks by scammers.

Access Bank, Nigeria’s largest financial institution by assets, has recorded a staggering ₦1.64 billion ($1.13 million) loss to fraud in the first half of 2025, a sharp 254.02 percent surge from ₦464.12 million ($320,478) a year earlier.

The revelation, contained in the latest financial report from its parent company, Access Holdings, underscores how rapidly evolving fraud tactics continue to challenge even the country’s most technologically advanced banks.

CBN gives banks deadlines to refund fraud victims

Legit.ng earlier reported that the Central Bank of Nigeria has introduced a new framework that forces banks and fintechs to speed up how they handle fraud complaints and refund victims.

Under this draft guideline, customers must report suspected fraudulent transactions within 72 hours, while financial institutions have a 16-working-day window to investigate and return funds.

Read also

Global watchdog applauds NUPRC’s $10bn licensing round as global model for transparency, investment

The move follows a sharp rise in fraud across the financial system.

Source: Legit.ng