Findings from the newly released esentry Eagle’s Eyes Q3 2025 cybersecurity report showed that the country logged an average of 6,101 attacks per week in July, a pace that continued through the quarter and marked a turning point in the volume and sophistication of attacks targeting high-value institutions, especially in the fintech sector.

The report’s analysis indicated a decisive shift in how attackers gained access to corporate environments. Instead of exploiting technical vulnerabilities, adversaries increasingly entered systems using valid credentials, often harvested from previous data leaks or left active long after employees had departed.

Digital forensics conducted by esentry uncovered numerous cases in which dormant service accounts, stale identity tokens, and overlooked access rights enabled intruders to stealthily gain network access, establish persistence, and prepare for large-scale data extraction without raising immediate suspicion.

This transformation in attack patterns marked a clear departure from the opportunistic hacking that characterised earlier years. Attackers treated identity as the new point of entry, studying trust relationships and exploiting internal access pathways that organisations had not fully secured.

Nigerian and African institutions found themselves confronting adversaries who acted with greater patience and precision, blending into legitimate user activity in ways that made early detection far more difficult.

Commenting on the report, Gbolabo Awelewa, chief business officer (CBO) of esentry, said,

“As the threat landscape evolves, Nigeria is no longer dealing with opportunistic cybercrime, but confronting organised, identity-driven campaigns that move with intent, patience, and precision. Despite the surge in threats, this moment is also a turning point. With the proper controls, stronger identity oversight, and early-warning intelligence, Nigerian organisations can stay ahead of these attacks. Our role at esentry is to ensure that the future of cybersecurity in Nigeria is not defined by fear, but by preparedness and resilience.”

The report also noted that this surge in identity-centric intrusions mirrored global developments, though Nigeria experienced the shift with unusual intensity due to rapid digitisation and inconsistent identity governance.

As core infrastructure hardened, attackers refocused on identity structures as the least protected surface, exploiting gaps in monitoring and off-boarding processes and maintaining long-term access to corporate environments through subtle, low-noise techniques.

Looking ahead, the esentry report projected that identity-based threats would define the coming year for Nigerian organisations.

With adversaries refining this method of intrusion at scale, the esentry team urged institutions to reassess their security frameworks, prioritise continuous identity oversight, and adopt models capable of detecting credential misuse before it escalates into significant disruption.

The report concluded that Nigeria’s overall cyber resilience would depend on how quickly organisations recognised identity as the new perimeter and aligned their defences accordingly.

More about esentry

esentry delivers customised cybersecurity services based on the unique needs of each customer segment. With a deep understanding of all facets of cybersecurity, esentry provides an end-to-end portfolio of services and products to businesses of all sizes worldwide.

During an exclusive media roundtable hosted by the cybersecurity firm, which provided insights into the trends and developments impacting the cybersecurity sector in the first six months of the year 2024, Gbolabo Awelewa, chief solutions officer at Cybervergent, explained the importance of cybersecurity vigilance. 

“In the past, we did a lot of this work without making it public. As tech people, we worked with our customers and didn’t realize how much we could improve the ecosystem by sharing these insights,” Awelewa said, pointing to the need for greater transparency within the industry.

The rise in cyber-attacks in Africa surged by 37%, with organizations facing an average of 2,960 attacks per week. 

This surge, coupled with evolving threats, stressed the importance of SOCs in monitoring, detecting, and mitigating risks. 

The SOC was likened to a fitness trainer, providing personalized recommendations to strengthen organizational cybersecurity measures, ensuring that systems remain resilient even in the dynamic threat space.

The H1 report also disclosed that 19,920 endpoints were actively protected, while 226,103 security events were resolved through automated processes. However, the SOC also faced challenges, including the identification of 13,305 false positives, which the platform meticulously filtered out.

Cyber Weaknesses and Challenges 

The report shed light on weaknesses that continue to affect organizations, particularly in sectors like financial services and healthcare. 

One major issue identified was the use of outdated legacy systems. “Many organizations, especially in financial services, are using legacy systems that are out of support. These systems often have vulnerabilities that can be exploited,” Awelewa said. 

He noted that efforts to put compensating controls around such systems often lead to further complications, especially when resources are limited.

Other challenges included human error, insufficient training, and a lack of awareness of the latest security standards, which left many organizations vulnerable to breaches. 

Awelewa further explained that fraud cases are often a result of intentional human actions, disguised as errors. “The biggest leaks in organizations today are due to human error — both intentional and unintentional,” he added.

Malware Trends and Threat Landscape 

The report detailed several emerging malware threats that organizations faced, including SocGholish, which uses social engineering to trick users into downloading malicious files, and Scattered Spider (UNC3944), which bypasses multi-factor authentication and infiltrates through cloud identities. 

The growing threat of Rilide Stealer was also revealed. This targets Chromium-based browsers to steal email credentials and crypto assets, as well as Vidar Infostealer, which compromises everything from crypto wallets to web browsers.

One of the most concerning malware identified was Vidar Infoskiller, a particularly dangerous tool that targets Windows-based applications and crypto wallets. Awelewa described the malware as “capable of bypassing multiple security layers, leading to serious financial losses.” 

He advised organizations to regularly update their software and educate employees on the latest phishing tactics to mitigate such risks.

Industry-Specific Challenges 

Cybervergent’s report also disclosed sector-specific cybersecurity challenges. For instance, the healthcare sector faces several difficulties in handling sensitive patient data within complex systems, while the education sector is constrained by limited budgets, preventing investments in advanced security measures. 

The manufacturing and retail sectors were noted for their struggle in balancing operational technology (OT) and IT security.

SOC as a Pillar of Resilience 

Cybervergent’s SOC played a very important role in defending against these evolving threats by continuously monitoring alerts, events, and threat indicators. 

A total of 116,580 detection analytics were applied, and SOC analysts meticulously examined 304,522 events, leading to the identification of 42,200 potentially malicious activities. This approach allowed the SOC to tailor cybersecurity measures to improve clients’ overall cyber health.

Awelewa likened the SOC’s role to that of a fitness coach, constantly guiding organizations to strengthen their security posture. “Our job is to spot threats early and help our customers respond quickly. It’s all about being proactive,” he reiterated, stressing the need for organizations to adopt assertive cybersecurity measures instead of reactive approaches.

Cybervergent — H2 Focus on Zero-Day Exploits and CaaS 

For the second half of 2024, Cybervergent looks to focus on combating zero-day exploits, strengthening cloud security, and addressing the rise of Cybercrime-as-a-Service (CaaS). 

Awelewa emphasized the need for organizations to fortify their defences, particularly against insider threats and sophisticated ransomware attacks.

He called on all organizations to prioritize cybersecurity, treating it not just as a compliance requirement but as an integral component of their operational strategy.

Remaining vigilant and investing in strong security tools will enable companies to build a more resilient defence even as the digital environment becomes more hostile.

“In cybersecurity, it’s not about if an attack will happen, but when. Preparedness is key,” Awelewa concluded.