However, with these connections come greater risks, hackers, scams, and other cyber threats that exploit a single careless click.

To mark Cybersecurity Awareness Month, the National Information Technology Development Agency (NITDA) is urging Nigerians to take personal responsibility for protecting themselves and their communities online. The Agency emphasizes that cyber safety begins with individual action and that simple steps can make a significant difference.

Speaking on the importance of this year’s campaign, Mrs. Hadiza Umar, director, Corporate Communications and Media Relations at NITDA, said the Agency is committed to raising national awareness on digital safety.

“Cybersecurity is everyone’s business,” Mrs. Umar stated. “As more Nigerians embrace technology for work, education, and daily living, it is vital that we all adopt safe online habits. A single act of caution, like using strong passwords or verifying a link before clicking, can prevent major data breaches and financial losses. Together, our collective vigilance builds a safer digital nation.”

She noted that this year’s theme, “Cyber Hygiene for a Safer Tomorrow,” underscores the shared responsibility required to build a secure digital future. By protecting themselves, individuals also safeguard their families, workplaces, and the wider online community.

NITDA recommends that Nigerians adopt the following cyber hygiene practices to strengthen their digital safety:

• Use strong and unique passwords for all online accounts.
• Enable two-factor authentication to add an extra layer of protection.
• Keep devices and applications updated regularly.
• Back up important data frequently.
• Avoid suspicious links or attachments from unknown sources.
• Think carefully before sharing personal or financial information online.

Mrs. Umar reiterated NITDA’s commitment to building a secure and digitally resilient Nigeria through continuous education, stakeholder collaboration, and responsive policy implementation.

“As we continue to strengthen Nigeria’s digital ecosystem, we call on all citizens to stay alert, click wisely, and stay safe online,” she added.

Earlier this year, the Central Bank of Nigeria (CBN) revealed that financial fraud surged by 45% in the past year, with 70% of losses linked to digital platforms such as mobile apps, unregulated fintechs, and virtual asset schemes. 

The Economic and Financial Crimes Commission (EFCC) has also said that Nigeria could be among the countries to lose part of the $10.5 trillion the world stands to forfeit to cybercrime by 2025, with more than 2,300 cases reported every single day.

So, while we are celebrating progress, more people using apps to pay bills, more traders moving money with a tap of the phone, the other situation is that cybercrime is growing just as fast, if not faster. And it is not just the numbers that are frightening; it is the fact that we are unprepared for the scale of the problem.

Nigeria’s digital economy is expanding at a pace few imagined a decade ago. From mobile banking to online trading platforms, the transition to digital is bolstering how people and businesses move money. But then, there is the high cost that we can no longer ignore, and this is the surge in cybercrime.

The Banking Sector’s Burden

In this tussle, every new defence banks create seems to attract a smarter counterattack from fraudsters.

The surge in cyberattacks has left banks with little choice but to commit more resources to security systems, monitoring tools, and compliance processes. CBN’s fraud data has made it clear that the costs of inaction are higher than the costs of investment.

But this creates a dilemma. Every new layer of authentication, every delay in transaction verification, while essential for safety, can frustrate customers. And as banks invest more, cybercriminals adapt faster, deploying equally advanced tactics to breach these systems. What we are witnessing is an arms race, one that is expensive, relentless, and unavoidable.

Ponzi Schemes and Digital Traps

The Securities and Exchange Commission (SEC) has repeatedly warned about virtual asset frauds and Ponzi-style investment schemes. In 2024 alone, over 30 such schemes were flagged by regulators. Many exploited the language of digital currencies and blockchain to lure small investors. 

The damage goes beyond the immediate victims; it destroys trust in the entire financial system. When the public starts to doubt that digital platforms are safe, adoption slows, and genuine businesses suffer.

This is beyond a tussle between banks and hackers, but between regulators and shadowy schemes feeding off public trust.

Why Nigeria is at Risk

Cybercrime thrives where opportunity meets weakness, and Nigeria provides both. Digital adoption is rapid, but cybersecurity awareness among users is low. Enforcement of existing regulations is patchy, and the frameworks themselves usually lag behind the pace of innovation. 

At the same time, a troubling reality is that unemployment is feeding into the cybercrime economy. For many young people, fraud, whether through phishing scams or so-called “Yahoo Yahoo”, is seen as a viable path to survival.

The True Cost of Digital Growth

The impact of unchecked cybercrime runs deeper than balance sheets:

• Financial cost: Billions lost yearly, alongside increased budgets for cybersecurity infrastructure.
• Trust cost: Users lose trust in digital channels, sabotaging the cashless economy drive.
• Policy cost: Regulators try to meet up, introducing rushed directives that may repress innovation.
• Opportunity cost: Investors may think twice about putting money into Nigeria’s fintech ecosystem if risks appear unmanageable.

These layers of cost collectively threaten to slow down the momentum Nigeria has built in digital scale.

Countries like India and Kenya have confronted similar challenges. India’s digital public infrastructure includes stronger user authentication protocols, while Kenya has leaned on regulatory sandboxes to test fintech innovations under supervision. 

These examples show that progress and protection can go hand in hand. Nigeria does not lack capacity, but what is missing is a coordinated, enforced, and forward-looking cybersecurity strategy.

To contain the threat, several steps are urgent:

1. Regulatory enforcement: CBN, NITDA, and SEC must demand minimum cybersecurity standards for all digital service providers.
2. Public education: Cybersecurity literacy campaigns are as important as financial literacy. Users must recognise threats before they click.
3. Shared intelligence: Banks, telcos, fintechs, and regulators should collaborate on real-time data sharing about fraud attempts.
4. Investment in talent: Nigeria needs to build its pool of cybersecurity experts and make it a career path worth pursuing.

We cannot celebrate digital progress while ignoring the holes in the foundation. Every fraudulent transfer, every compromised account, chips away at public trust in Nigeria’s digital resilience. 

The question is not whether cybercrime will continue — it will. The real question is whether Nigeria is prepared to pay the price of protecting its digital economy, or whether the cost of inaction will outweigh the progress we have worked so hard to achieve. These and more are steps in the right direction that could help overcome Nigeria’s cybersecurity challenge. 

This escalation has stressed the urgent need for large retail operators across the United States to be more careful and cautious, watching out for possible vulnerabilities.

In a direct alert issued on Wednesday, John Hultquist, a senior analyst at Google’s cybersecurity division, stated: “U.S. retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs.”

The warning follows a string of successful cyberattacks on British retailers, including Marks & Spencer, whose online operations have remained paralysed since April 25. These attacks have been traced back to a group linked to the cybercriminal collective known as “Scattered Spider.”

This loosely organised network is made up of hackers of varying skill levels. While the structure may seem scattered, the execution of their campaigns has been anything but. Their strategy is to target one sector, exploit its weaknesses, then move on. Right now, that sector is retail.

Scattered Spider is no newcomer to headline-making breaches. In 2023, they infiltrated U.S. casino giants like MGM Resorts International and Caesars Entertainment, causing significant financial and operational disruption. The shift to retailers suggests a deliberate and calculated evolution in their approach.

We’ve seen this before, hackers pushing through what should be solid security systems, often using creative methods like phishing, social engineering, and credential theft. The Scattered Spider-linked attackers aren’t simply opportunists, but tactically selecting targets and dismantling them with precision.

The issue isn’t just technical. Law enforcement agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), have been unable to contain the group. Their flexibility, the youth of many members, and the unwillingness of victims to cooperate have all hindered investigations. Neither the FBI nor CISA have provided public updates on the matter.

Retail industry platforms in the U.S. are taking the threat seriously. Christian Beckner, vice president at the National Retail Federation, confirmed that his organisation has been actively monitoring the UK incidents. “We’ve been closely tracking everything going on in the UK over the past few weeks,” he said. “There aren’t geographic boundaries on these threats.”

Meanwhile, the Retail & Hospitality Information Sharing and Analysis Centre (ISAC), which includes members such as Costco, McDonald’s, Lowe’s, and Albertsons, is now coordinating with Google to brief its members and strengthen defences.

Beyond a random cyber attack, we are looking at a sustained campaign targeting a specific sector with high-value data and operational exposure. If this is not resolved, we could be seeing a major escalation in the cybersecurity sector.

The vulnerability, identified as CVE-2025-2783, was discovered by Kaspersky security researchers earlier this month.

The flaw allowed attackers to bypass Chrome’s security barriers and access users’ data. Google confirmed that hackers were actively using this exploit before the fix was released, making it a zero-day vulnerability—one that is exploited before the software vendor has a chance to address it.

Kaspersky linked the attack to a campaign they call “Operation ForumTroll”, where victims received phishing emails disguised as invitations to a Russian global political summit. Clicking the embedded link redirected them to a malicious site that immediately exploited the Chrome bug to gain unauthorised access to their data.

According to Kaspersky, the attack primarily targeted Russian media professionals and employees at educational institutions. The goal appeared to be espionage, with hackers potentially working under a state-sponsored operation. 

The security firm has not identified the perpetrators but pointed to the level of sophistication seen in government-backed cyber operations.

Zero-day vulnerabilities in browsers like Chrome are highly valuable to cybercriminals and intelligence agencies. Exploits that allow remote access to devices can fetch millions on the underground market. Last year, one exploit broker was offering up to $3 million for similar security flaws.

Google’s Response and Security Patch

Google has now rolled out an update to Chrome version 134.0.6998.177/.178 for Windows, which will be released to users in the coming days. The fix was contributed by Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) of Kaspersky, who first reported the issue on March 20, 2025.

The company is keeping full details of the vulnerability under wraps until the majority of users receive the update. In some cases, Google restricts information when a bug affects third-party software that has yet to be patched.

While Google has resolved the issue, users are still at risk if they have not updated their browsers. Cybercriminals actively exploited this flaw, and any delay in applying the patch could leave systems exposed.

Google has urged users to update Chrome as soon as possible, stating, “We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”

For those still using outdated versions, the Extended Stable Channel has also been updated to 134.0.6998.178 to provide security fixes.

It is important for companies to be vigilant about their cybersecurity measures, but how do you recognize the signs that your business might be targeted? This can make a significant difference in preventing a potential breach. 

Here are six signs that indicate you might need a cybersecurity checkup for your company:

1. Unusual Network Activity:

If you notice unexpected network activity, such as slow internet speeds, unexplained data transfers, or unauthorized access attempts, it could be a sign of a cyber intrusion. Monitor your network traffic regularly to detect any unusual patterns.

2. Suspicious Emails and Messages:

Phishing emails and messages are common tactics used by hackers to gain access to sensitive information. Be cautious of unsolicited emails, especially those asking for login credentials or financial details. Educate your employees about the signs of phishing attempts and encourage them to report any suspicious emails they receive.

3. Unfamiliar Devices or Accounts:

If you notice unfamiliar devices connected to your company network or unauthorized user accounts, it’s a clear indication of a security threat. Regularly review and update user access privileges to ensure that only authorized personnel can access sensitive data.

4. Software Vulnerabilities:

Outdated software and applications are vulnerable to exploits. Cybercriminals often target businesses that use outdated software with known security flaws. Regularly update your operating systems, antivirus programs, and applications to patch security vulnerabilities and protect your systems from potential attacks.

5. Sudden Increase in Failed Login Attempts:

A sudden surge in failed login attempts, especially on critical systems, indicates that someone is trying to gain unauthorized access. Implement account lockout policies and two-factor authentication to mitigate the risk of brute-force attacks.

6. Unexpected Pop-ups or Redirects:

If your employees encounter unexpected pop-ups, redirects to suspicious websites, or unauthorized software installations, your network might be compromised. Advise your staff to avoid clicking on suspicious links and to report any unusual pop-ups or redirects immediately.

Preventing Cybersecurity Threats

While these signs can alert you to a potential cyber threat, you equally need to proactively invest in cybersecurity measures to protect your business. 

Conduct regular security audits, employee training sessions, and vulnerability assessments. Implementing robust firewalls, encryption methods, and intrusion detection systems can significantly enhance your company’s cybersecurity posture.

Amid the Ukrainian invasion, hackers targeted a Russian taxi app by sending hundreds of drivers to the same destination, resulting in severe traffic jams in Moscow.

On Thursday, September 1, it was announced that Yandex Taxi, a Russian service similar to Uber that enables users to order taxis to their location, had been targeted.

In a statement seen by TechEconomy, the company confirmed the cyberattack:

‘On the morning of September 1, Yandex Taxi encountered an attempt by attackers to disrupt the service — several dozen drivers received bulk orders to the Fili region,’ the company said in a statement to Forbes.ru.

As a result of the hack, taxis flooded Moscow’s Kutuzovsky Prospekt – a major road that runs east to the west leading into the centre of the Russian capital.

The company said its security department ‘immediately stopped attempts to artificially’ order the taxis. However, this was not enough to stop the gridlock.

‘Drivers still spent about 40 minutes in traffic jams due to fake orders. The issue of compensation will be resolved in the near future,’ the company said.