Nigeria Sees Unprecedented Spike in Cyber Threats Amid Evolving Attack Strategies
In the third quarter of this year, Nigeria faced an alarming surge in cyber threats, with data breaches impacting local entities increasing by a staggering 1,047% compared to the previous quarter. This dramatic rise was highlighted in the newly released Eagle’s Eyes Q3 2025 cybersecurity report, which revealed that from July onwards, the country experienced an average of 6,101 cyber attacks per week. This marked a significant shift in both the volume and sophistication of threats targeting high-profile sectors, particularly within the fintech industry.
The report’s analysis indicates a notable evolution in attack methods. Unlike previous years, where technical vulnerabilities were the primary entry point, adversaries are increasingly utilizing valid credentials. These credentials are often acquired from earlier data breaches or remain active despite the departure of former employees. Digital forensics conducted by esentry uncovered multiple instances in which intruders exploited dormant service accounts and neglected access rights, allowing them to infiltrate networks stealthily and prepare for extensive data exfiltration without drawing attention.
This shift in tactics signifies a departure from opportunistic attacks characteristic of the past. Modern attackers are treating identity as the new critical entry point, diligently examining trust relationships and exploiting inadequately secured internal pathways. Consequently, Nigerian and broader African institutions are contending with more strategic adversaries who exhibit patience and a heightened ability to blend into legitimate user activity, complicating early detection efforts.
In a statement reflecting on these findings, Gbolabo Awelewa, Chief Business Officer at esentry, emphasized, “As the threat landscape evolves, Nigeria is confronted not just by opportunistic cybercrime but by organized, identity-driven campaigns that operate with clear intent and precision.” Despite the significant increase in cyber threats, Awelewa noted that this moment also presents an opportunity for transformation. By implementing robust controls, enhancing identity oversight, and harnessing early-warning intelligence, Nigerian organizations have the potential to stay ahead of these evolving threats. He affirmed esentry’s commitment to ensuring the cybersecurity landscape in Nigeria is characterized by preparedness and resilience rather than fear.
The report also observed that the rise in identity-centric attacks aligns with global trends; however, Nigeria’s experience has been especially acute due to rapid digital adoption coupled with inconsistent identity governance practices. As critical infrastructure becomes more fortified, attackers are shifting their focus toward identity structures, exploiting gaps in monitoring and off-boarding procedures to maintain persistent access through discreet and low-profile techniques.
Looking forward, the esentry report predicts that identity-based threats will dominate the cybersecurity landscape for Nigerian organizations in the coming year. As adversaries refine their methods of intrusion, the report urges institutions to reevaluate their security frameworks, emphasize continuous identity oversight, and adopt detection models that can identify credential misuse before it escalates into more severe disruptions.
Ultimately, Nigeria’s cyber resilience will largely hinge on how swiftly organizations acknowledge identity as a pivotal concern and realign their defenses accordingly. Understanding the MITRE ATT&CK framework can aid organizations in this endeavor, highlighting relevant tactics such as initial access through valid credentials, persistence via dormant accounts, and the potential for privilege escalation. By proactively addressing these vulnerabilities, businesses can fortify their defenses against the evolving threat landscape.
