Cyber Attacks Surge 1,047% as Identity Becomes Nigeria’s Weakest Link

By Guest Writer

4 December 2025

Technology

BY SAMUEL MOBOLAJI

Nigeria experienced an alarming escalation in cyber threats in the third quarter of 2025, with data breaches involving Nigerian organisations soaring by 1,047 percent compared with the previous quarter.

The surge reflects a fundamental shift in how cybercriminals infiltrate corporate systems, increasingly targeting identity structures rather than technical vulnerabilities.

According to the newly released esentry Eagle’s Eyes Q3 2025 cybersecurity report, Nigeria recorded an average of 6,101 attacks per week in July, a trend that persisted through the quarter and signalled a significant rise in both the volume and sophistication of threats, particularly against high-value institutions in the fintech sector.

The report revealed that intruders now favour valid credentials over conventional exploit-based techniques, taking advantage of compromised passwords from earlier data leaks or accounts that remained active long after employees had left.

Digital forensics by entry uncovered multiple instances where dormant service accounts, outdated identity tokens, and neglected access rights enabled attackers to slip into networks unnoticed, maintain persistence, and prepare for large-scale data exfiltration.

This shift marks a departure from the opportunistic hacking that previously dominated Nigeria’s threat landscape. Attackers now treat identity as the primary entry point, studying trust relationships within organisations and exploiting internal pathways that remain insufficiently protected. Their operations blend into legitimate user activity, making early detection increasingly difficult for Nigerian and African institutions.

Commenting on the findings, the Chief Business Officer of esentry, Gbolabo Awelewa, said Nigeria is now grappling with organised, identity-driven campaigns that act deliberately and with precision, rather than random cybercrime.

He noted that the surge, while concerning, also offers organisations an opportunity to strengthen controls, enhance identity oversight, and adopt better intelligence systems.

The report observed that this rise in identity-centric intrusions mirrors global patterns, though Nigeria’s rapid digitisation and inconsistent identity governance have intensified the impact.

As infrastructure security improves, attackers have redirected their efforts towards identity systems, exploiting monitoring gaps and weak off-boarding processes to establish long-term, low-noise access to corporate environments.

Looking ahead, Esentry projected that identity-based threats will dominate Nigeria’s cybersecurity landscape in the coming year.

The report urged organisations to reassess their security models, prioritise continuous identity monitoring, and deploy systems capable of detecting credential misuse before it disrupts operations or finances.

It concluded that Nigeria’s long-term cyber resilience will depend on how quickly institutions recognise identity as the new security perimeter and adjust their defences to meet this reality.