The training, held at the Staff Clinic Hall, Alausa, Ikeja, was themed “Cybersecurity in 2026: Defending Against Modern Threats in a Digital Workplace.”

It brought together personnel from multiple MDAs to improve their understanding of emerging cyber risks and modern security best practices.

The programme focused on key cybersecurity threats expected to shape the digital landscape in 2026. These included artificial intelligence-driven attacks, deepfake-enabled fraud, advanced phishing schemes, ransomware, identity theft, cloud security risks, and supply chain compromises.

Participants were taken through interactive lectures, scenario-based discussions, case studies, and practical sessions aimed at improving their ability to identify, prevent, and respond to cyber threats in the workplace.

Speaking during one of the sessions, Mr Olabanji Soledayo, Strategic Partnership manager and Cybersecurity Awareness evangelist at ESET Nigeria highlighted the growing importance of human awareness in combating sophisticated cyberattacks and safeguarding digital work environments.

He noted that individuals within organisations are a critical line of defence as attackers rely more on social engineering and identity-based tactics.

He also commended the Lagos State Government for its continued collaboration with ESET in strengthening cybersecurity capacity across its institutions.

Technical sessions at the training covered areas including email security, endpoint protection, ransomware defence, threat detection, and modern cybersecurity practices relevant to government institutions.

Speaking at the event, Mr Kadri Shamusideen, deputy director, Ministry of Science and Technology emphasized the importance of cybersecurity awareness as government services continue to undergo digital transformation.

He added that as government operations become increasingly digitised, cybersecurity awareness has become a critical component of public service delivery.

While technology provides the necessary security controls, our employees remain the first line of defence against cyber threats. Continuous education and awareness are therefore essential in ensuring that staff can identify emerging threats and respond appropriately.

Mr Kadri described the training as timely and relevant, noting that cyber threats continue to evolve in complexity and sophistication, commending the impressive turnout of participants and the support received from various MDAs across Lagos State.

According to him, strategic collaboration between government institutions and cybersecurity industry leaders remains critical to strengthening national cyber resilience.

ESET Nigeria noted that the programme forms part of its broader commitment to helping organisations across Nigeria improve cyber resilience through awareness, education, and advanced cybersecurity solutions.

The company noted that as cybercriminals increasingly adopt artificial intelligence, social engineering techniques, and identity-based attacks, employee awareness remains one of the most effective defences against modern cyber threats.

That works out to roughly $22.6 million lost every minute, every day, across governments, businesses and individuals. The cost of defending against those attacks is growing almost as fast. 

Global spending on cybersecurity is expected to approach $345 billion in 2026, and forecasts reveal total annual spending could reach $1 trillion by the early 2030s.

The average cost of a data breach in 2025 stood at $4.44 million globally, climbing to $10.22 million in the United States. Ransomware featured in around 44% of recorded breaches, even as fewer victims chose to pay. 

Cyber attacks increase continually year on year, driven by automation, better targeting and the simple fact that digital systems now underpin almost everything.

The attack surface is expanding faster than most organisations can secure it. 

What follows are the biggest cybersecurity threats businesses will face in 2026, based on patterns already visible today.

1. AI-Powered and Highly Targeted Cyber Attacks

Cyber attacks are becoming cheaper to launch and easier to scale. Criminal groups no longer need great technical skill to produce convincing phishing messages, fake voice calls or tailored malware. Attack campaigns are now personalised, fast and relentless.

Attackers are now using generative Al to create convincing phishing emails, deepfake audio/video, and automated malware. 

We are seeing more cases where attackers imitate senior executives, suppliers or regulators with unsettling accuracy. Finance teams, procurement units and public officials are frequent targets. 

The danger is not just deception, but speed. When a message looks real and arrives at the right moment, people act before they question it.

One of the cybersecurity threats in 2026 is volume combined with precision. These attacks do not rely on one success. They rely on thousands of attempts until one slips through.

2. Supply Chain and Third-Party Exposure

Major breaches over the past few years have shown a trend where attackers avoid heavily protected organisations and go after their suppliers instead. Software vendors, cloud platforms, managed service providers and open-source projects are all attractive targets.

One compromised update or exposed interface can grant access to hundreds or thousands of downstream organisations. In 2026, this risk grows as companies rely even more on external software, shared services and automated integrations.

Trust has become a vulnerability. Many organisations still assume that partners are secure simply because they are established or well known. Attackers know better.

3. Ransomware Without Limits

Ransomware has changed. Encryption alone is no longer the main weapon. Today’s attacks focus on data theft, public exposure and operational disruption. Systems may be damaged even if no ransom is paid.

In healthcare, finance and government, attackers now aim to interrupt services rather than lock files. Stolen data is used as leverage, sometimes months after the initial breach. Payment rates have fallen to roughly a quarter of victims, but disruption costs continually increase.

By 2026, ransomware will not be about files but about leverage. The damage is reputational, legal and operational.

4. Cloud Misconfiguration and Identity Abuse

The cloud has simplified technology and complicated security. Most breaches no longer begin with malware. They begin with stolen credentials, excessive access rights or exposed services.

Storage systems left open to the internet, poorly protected interfaces and unmanaged applications are common. Once attackers gain a foothold, they move silently using legitimate accounts, usually undetected for weeks.

The risk in 2026 is not cloud adoption itself, but poor management over who can access what. Identity has become the new perimeter, and many organisations are still treating it as an afterthought.

5. Insider Threats and Strategic Data Leaks

Not all threats come from outside. Employees, contractors and partners can also cause serious breaches, sometimes through carelessness, sometimes deliberately.

With data becoming more valuable, internal access becomes more dangerous. Sensitive customer records, proprietary software, internal research and training data are now high-value assets. In some cases, they are stolen not for immediate profit, but for long-term advantage.

In 2026, insider risk is harder to spot because work is more distributed and access is wider. Trust is necessary, but unchecked trust is risky.

6. Connected Devices and Smart Infrastructure

From factories to hospitals to city streets, connected devices are everywhere. Many of them were designed for function, not security. Weak passwords, outdated software and limited monitoring are common.

Smart grids, traffic systems, medical equipment and industrial controls are now part of the digital ecosystem. A single exposed device can become an entry point into much larger systems.

Disruption to these environments can affect safety, not just data. With smart infrastructure expanding, so does its appeal to attackers.

7. Attacks on Energy and Critical Infrastructure

Energy systems, data centres and communication networks are indispensable to economic stability. They are also highly targeted.

Power grids, fuel distribution, water systems and large-scale computing facilities represent high-impact targets. Attacks do not need to cause physical damage to be effective. Temporary disruption can be enough to cause financial loss, public concern or political issues.

By 2026, these systems will get higher attention from both criminal and state-linked actors. Defence in this area is beyond a technical issue. It is a national one.

8. Geopolitical Cyber Conflict

Cyber operations have become a standard tool in global disputes. Election interference, sabotage, data theft and disinformation campaigns are now routine features of geopolitical tension.

The line between crime and conflict is usually blurred. Some attacks are tolerated, others encouraged, knowingly or unknowingly. Attribution is difficult, and response options are limited.

In 2026, organisations operating across borders will face more exposure, whether they are directly targeted or caught in the middle.

9. Long-Term Encryption Risk

While advanced computing threats are not yet mainstream, attackers are already preparing for them. Sensitive data is being stolen and stored with the expectation that future advances will make today’s encryption easier to break.

This is not a problem for tomorrow. It is a problem created today. Intellectual property, state secrets and personal records stolen now may remain valuable for decades.

Organisations handling long-life data need to consider this risk now, not after standards change.

10. Regulation, Liability and Cost of Failure

Cybersecurity has moved into the legal and regulatory arena. Data protection laws, infrastructure regulations and sector-specific standards are getting more attention.

A breach is no longer just an incident but a compliance issue, a legal risk and a reputational crisis. Fines, lawsuits and operational restrictions are becoming more common.

In 2026, the cost of getting security wrong will extend well beyond technical recovery.

What This Means for 2026

The case is not that technology is failing but that complexity is winning. Systems are growing faster than proper management, and attackers are exploiting the gaps.

Security in 2026 will not depend on buying new tools, we need to know what systems exist, who can access them, and how quickly incidents can be contained.

The organisations that cope best will not be those with the biggest budgets, but those that understand their risks solidly and act early. Cyber threats are not an abstract danger but a constant cost of doing business, and in some cases, of keeping the lights on.

The data places Nigeria at the centre of a continental problem. While Africa’s digital economy is expanding speedily, security readiness is struggling to keep pace. 

Across the continent, organisations recorded an average of 3,153 cyberattacks per week, compared with 1,963 globally, putting Africa among the most targeted regions in the world.

In Nigeria, the financial sector is the main target. Banks, payment platforms, and fintech firms continue to face heavy pressure from phishing, business email compromise, and credential theft. 

Telecoms, energy, and healthcare operators are also seeing growing exposure as cloud services, mobile platforms, and connected devices are rolled out faster than security controls can mature.

The unique part is not just volume, but method. Across Africa, 77% of organisations were affected by information disclosure incidents, meaning sensitive data was exposed through misconfigurations, weak access controls, or unsecured systems. 

Email is the most effective entry point, responsible for 80% of malicious file delivery, showing that basic weaknesses are still being exploited at scale.

Ransomware has also changed shape. The report shows that 41% of major incidents in Africa now involve data-leak extortion, where attackers steal information and threaten public exposure rather than relying solely on system encryption. 

This approach increases reputational damage and regulatory risk, even when core operations remain running.

In Nigeria, identity theft, stolen session tokens, and API abuse are now more common than traditional malware attacks. In simple terms, attackers are logging in using valid credentials instead of forcing their way through defences.

Beyond Nigeria, several African countries are facing high pressure when it comes to cyberattacks. Kenya recorded 3,758 attacks per organisation each week, while South Africa, Morocco, and other markets continue to see heavy targeting of government services, education systems, and telecom infrastructure.

The operational cost of these attacks is rising. African organisations take an average of 18 days to detect and contain a breach, six days longer than the global average. The report links this delay to skills shortages, fragmented tools, and limited incident response capacity across many sectors.

High-profile incidents in 2025 underline the risk. Data exposure at Seychelles Commercial Bank, service disruption at South African Airways, and unauthorised access to customer data at MTN South Africa all followed a similar pattern: customer-facing systems were targeted, investigations were triggered, and trust became the real casualty.

Regulation is now increasing the pressure. With Europe enforcing stricter cybersecurity regulations under the NIS2 directive, African companies that trade with EU partners are expected to prove strong cyber controls as a condition for market access. Security, the report notes, has become a commercial requirement, not a back-office concern.

From Nigeria to the rest of the continent, Africa’s digital growth is speeding up, but attackers are moving just as fast. 

Cybersecurity in Africa has gone beyond preparing for future risks. The threat is already here, and for countries like Nigeria, the cost of inaction is becoming impossible to ignore.

Heimdal Security reveals that 62% of organisations now hold a cyber insurance policy, a steep growth from the previous year. This shows that attacks are moving faster, and firms are working to protect themselves before they are hit.

Danny Mitchell, cybersecurity writer at Heimdal Security, said: “Cyber insurance is no longer seen as optional; it’s fast becoming a cornerstone of modern business resilience.”

A Growing Market Facing New Challenges

The global cyber insurance market has reached $20.56 billion in 2025. Growth is no longer explosive, but the market’s size shows how deeply embedded insurance has become.

Premiums dipped over the past two years, but analysts expect them to rise again in 2026 as AI-enabled attacks grow more aggressive.

Mitchell explains this change: “We’ve reached a point where insurers finally understand cyber risk at scale. Prices dipped because claims fell, but as AI makes attacks faster and more targeted, expect those savings to disappear. What you save today on premiums could cost ten times more in the next data breach.”

Adoption Gaps Between Large and Small Firms

The uptake differs by region and company size. Some international studies report that large companies lead adoption, however, UK government findings disclose the opposite, small and medium-sized firms appear more eager to insure themselves than big corporations.

“Smaller firms recognise that one successful attack could shut them down entirely; they need insurance to back them up. Larger organisations often have internal teams and feel self-sufficient. But cybercriminals don’t discriminate by company size; they follow the path of least resistance,” Mitchell said.

AI Scams Drive Rising Demand

The most damaging attacks now come from AI-driven phishing, ransomware, and business email compromise. Ransomware alone accounts for 60% of major claims, with the manufacturing sector reporting the highest share this year.

Mitchell notes the shift in threat patterns: “You no longer need a genius hacker to pull off a multi-million dollar breach. Anyone with access to AI tools can replicate authentic emails or voices in seconds.”

Regulators are also bolstering expectations, pushing sectors like healthcare, finance and manufacturing to treat cyber insurance as part of compliance rather than convenience.

The Cost of Staying Uninsured

Average claim sizes have reached $115,000 globally, though some countries face far higher losses. For certain industries, individual ransomware incidents now exceed $631,000, making insurance a financial cushion that many businesses can no longer ignore.

Mitchell says the hidden costs usually go beyond the obvious ones: “A single attack can trigger legal fees, ransom payments, data restoration, and weeks of downtime. Cyber insurance gives businesses a fighting chance to recover, covering the damage while they rebuild operations.”

What Policies Actually Cover

Standard policies typically include support for legal fees, forensic investigations, data recovery, business interruption, and ransom payments.

But Mitchell warns firms not to assume full protection: “Some policies exclude social engineering, the very type of attack behind most major breaches. We still see businesses shocked to learn that a phishing attack isn’t fully covered because it was labelled ‘human error’.”

Why the Investment Pays Off

Studies from insurers show that companies with cyber insurance tend to experience fewer severe losses over time, partly because insurers demand better security practices.

Noting the linkage, Mitchell said: “Companies that invest in cyber insurance are often more security-aware. They tend to also invest in better defences, employee training, and regular audits. Insurance and prevention go hand in hand.”

A Final Warning for 2025

“Cyber insurance was once an afterthought, but today, it’s a strategic pillar of risk management. As cyber threats grow more sophisticated and regulations become more demanding, having coverage signals not only preparedness but also professional credibility. 

“Whether you’re a start-up or a multinational, you’re operating in a digital battlefield where attackers are faster, smarter, and often automated. Insurance isn’t a silver bullet, but it gives you breathing room when the worst happens.

“My advice to businesses is simple: pair strong cybersecurity defences with a well-structured insurance policy. Don’t wait for an attack to expose the gaps. Proactivity is the only real protection left in 2025.”

The company disclosed these findings in its August 2025 Threat Intelligence Report, raising fresh alarms over the fast-growing misuse of artificial intelligence in cybercrime.

According to the report, attackers attempted to manipulate Claude into: drafting phishing emails with psychological precision, generating and debugging malicious code, bypassing filters through repeated prompts, producing persuasive propaganda posts at scale, and even guiding inexperienced hackers with step-by-step instructions. 

In one case, Claude Code was used in a campaign that targeted 17 organisations, from healthcare providers to government agencies, with ransom demands reaching $500,000.

Anthropic confirmed that its security defences intercepted the activity. Compromised accounts were banned, high-risk prompts blocked, and restrictions placed on access to financial, adult, and pirated content. 

The company also introduced mandatory confirmation for risky actions such as publishing or sharing sensitive personal data. These measures, it said, cut the success rate of prompt injections from 23.6% to 11.2%, a notable improvement in system resilience.

The company explained: “We will continue publishing reports whenever we detect major threats. Our goal is to help the wider community understand how these systems may be exploited and how to stop them.”

Earlier this year, Microsoft’s Azure OpenAI service was breached, allowing hackers to generate harmful content by sidestepping safeguards. OpenAI, in June, launched a dedicated initiative to combat malicious use of AI in covert operations and cyber espionage. 

Google’s Gemini has also faced issues for what was described as inadequate transparency in its safety measures.

Governments are now stepping in. The European Union’s Artificial Intelligence Act began enforcement on 2 August 2025. It introduces strict risk management rules for general-purpose AI, cybersecurity-by-design requirements for high-risk systems, and penalties of up to €35 million or 7% of global turnover. 

In the United States, the White House has secured voluntary commitments from major AI developers, but critics argue that only binding regulation will close the gap between safeguards and threats.

With AI models becoming more powerful, the line between innovation and exploitation will only grow sharper.

This collaboration brings together two of the most experienced teams in ransomware defense to accelerate detection, enhance protection, and improve response capabilities for more than 300,000 organizations worldwide.

The collaboration between Sophos and Halcyon will exchange threat intelligence in real time, including indicators of compromise (IOCs), adversary behaviours, and attack patterns, to enhance ransomware prevention and accelerate response time.

Following Halcyon’s recent announcement of a community-focused Ransomware Research Center, this data-sharing initiative will inform defenses across both Sophos’ and Halcyon’s solutions.

It will benefit customers using Sophos Endpoint powered by Intercept X, as well as Sophos Managed Detection and Response (MDR), Sophos XDR, Halcyon’s Anti-Ransomware Platform, and other joint capabilities.

As part of the collaboration, Halcyon and Sophos will also implement mutual anti-tamper protections that allow each platform to monitor and safeguard the other’s agents in customer environments.

This helps ensure that organizations using both solutions benefit from added resilience, reducing the risk of ransomware interfering with security defenses and preserving the integrity of their overall protection strategy.

The threat intelligence collaboration is part of Sophos’ broader strategy to expand the reach and speed of its threat response through strategic partnerships.

Sophos X-Ops, the company’s cross-functional threat intelligence unit, will work closely with Halcyon’s research and engineering teams to share and operationalize ransomware-related insights across a wide array of attack surfaces.

“Ransomware tools and tactics are evolving constantly, and the best defense is timely, relevant intelligence that enables defenders to act quickly and with confidence,” said Simon Reed, chief research and scientific officer, Sophos. “By sharing insights with Halcyon, we’re improving signal fidelity and accelerating detection across our systems, which strengthens protection for all the organizations we serve.”

“Halcyon is honored to partner with Sophos. Over the last four years, based on our telemetry, Sophos has time and time again proven to be one of the most effective endpoint security platforms we have encountered, reliably performing and disrupting attackers at a level that simply outperforms the majority of the players in the next-generation antivirus and endpoint detection and response (EDR) space. Their dedication to innovate and roll out industry-leading and unique features continues to put their customers at an everyday advantage over the most sophisticated attacks affecting enterprises today,” said Jon Miller, CEO and co-founder of Halcyon. 

Key benefits of the collaboration between Sophos and Halcyon include:

• Real-time ransomware intelligence: Sophos and Halcyon will share timely threat intelligence, including indicators of compromise (IOCs), attacker behaviors, and tools used in active ransomware campaigns. This intelligence supports earlier detection, broader visibility, and more informed responses.
• Strengthened defenses across products and services: Shared intelligence will enhance threat detection models, enrich contextual telemetry, and accelerate protection updates within each company’s solutions, including Sophos Central and Halcyon’s Anti-Ransomware Platform.
• Mutual anti-tamper protections: Each solution actively monitors the other’s agents to prevent tampering or disablement during ransomware attacks, helping ensure that security defenses remain intact and effective throughout an incident.

This collaboration highlights Sophos’ and Halcyon’s continued commitment to cybersecurity innovation, industry cooperation, and the mission to defeat cybercriminals.

Together, Sophos and Halcyon are delivering the intelligence needed to stay one step ahead of attackers.

This year’s survey found that nearly 50% of companies paid the ransom to get their data back – the second highest rate of ransom payment for ransom demands in six years.

1. High Ransom Payments Persist: Nearly 50% of organizations paid a ransom—making it the second-highest rate in six years.
2. Negotiation Pays Off: 53% of those who paid, did so below the initial demand, with 71% negotiating the amount either directly or via third parties.
3. Median Ransom Dropped: While the median ransom demand was $1 million, this figure dropped 50% from the previous year.
4. Attack Entry Points Remain the Same: Exploited vulnerabilities were again the leading cause of attacks, continuing a three-year trend.
5. Lack of Visibility a Major Problem: 40% of victims were unaware of the security gaps exploited in their systems.
6. Staffing & Expertise Shortages: 63% of respondents cited internal resourcing challenges. Larger firms lacked expertise, while smaller ones lacked people.
7. Improved Attack Prevention: 44% of companies stopped the ransomware before data encryption occurred—a six-year high.
8. Backup Usage Falls: Only 54% of organizations used backups for recovery—the lowest in six years.
9. Recovery is Faster and Cheaper: Average recovery costs fell from $2.73 million to $1.53 million, and more than half recovered within a week.
10. Sector-Based Variance in Payments: State and local governments paid the most (median $2.5 million), while healthcare paid the least (median $150,000).

These insights highlight a growing maturity in response strategies—though prevention

Sophos recommends the following best practices to help organizations defend against ransomware and other cyberattacks:

• Take steps to eliminate common technical and operational root causes of attacks, such as exploited vulnerabilities. Tools like Sophos Managed Risk can help companies access their risk profile and minimize their exposure.
• Ensure all endpoints (including servers) are well-defended with dedicated anti-ransomware protection.
• Have an incident response plan in place and tested for when things go wrong. Have good backups and practice restoring data regularly.
• Companies need around-the-clock monitoring and detection. If they do not have the resources in-house for this, they can work with a trusted managed detection and response (MDR) provider.

Download the full State of Ransomware 2025 report on Sophos.com.

This is the view of Lionel Dartnall, SADC Country Manager of Check Point Software Technologies, a pioneer and global leader of cyber security solutions.

“Digital transformation is reshaping the manufacturing landscape, bringing both new opportunities and significant risks. As manufacturing operations increasingly rely on interconnected systems, cybersecurity has become a critical concern,” he says. 

From ransomware to supply chain vulnerabilities, African manufacturers face cyber threats that not only jeopardise their financial stability but also disrupt global operations.

Fortunately, by adopting a multi-layered approach to cybersecurity manufacturers can not only defend against attacks but also improve operational efficiency. 

Impact of manufacturing sector in Africa

Manufacturing plays a huge role in many African economies, contributing significantly to GDP, employment, and industrial development. However, as the sector adopts more digital technologies, the risk of cyberattacks is escalating, impacting not just African manufacturers themselves but the broader economy.

According to the World Economic Forum, manufacturing accounts for about 10% of Africa’s total GDP on average. In 2023, Africa’s manufacturing output was valued at $500 billion, with key sectors such as food processing, textiles, and consumer electronics experiencing significant growth. 

Manufacturing in South Africa alone contributes close to 13% to the GDP, about $29 billion, according to PWC’s  2024 Manufacturing Analysis. Ethiopia, Kenya, and Morocco have also seen growth in their manufacturing sectors, with notable advancements in textiles, automotive, and consumer goods production. 

1.     Job Creation

The manufacturing sector is also a major source of employment across the continent. According to the 2024 South African Reserve Bank Occasional Bulletin of Economic Notes,  it accounts for about 12% of formal sector jobs in the country, with Nigeria also relying on manufacturing for significant employment, particularly in agro-processing and cement industries. Across the continent, manufacturing provides critical income and skill development opportunities, especially in industrial hubs like Lagos, Nairobi, and Johannesburg.

2.     Investment and Infrastructure

In response to increasing demand, several African nations are investing heavily in manufacturing infrastructure. New industrial parks and special economic zones (SEZs) in countries like Ethiopia, Egypt, and Rwanda are attracting foreign direct investment (FDI) and driving sector growth. As a result, Africa is positioning itself as an increasingly attractive destination for global manufacturing investments.

Rising Cybersecurity Threats to the Manufacturing Sector

As the sector has grown in significance, so the cybersecurity threat landscape has become more complex and perilous. Check Point Software’s  The State of Global Cyber Security 2025 Report revealed a 44% increase in global cyber attacks in 2024, signaling that threats are rapidly evolving, with the manufacturing sector being a prime target. 

In the third quarter of 2024 alone, manufacturing globally saw a 75% increase in cyber-attacks compared to the previous year, with organisations experiencing an average of 1,876 attacks each.  This is  a 15% rise from the previous quarter.

Cybersecurity Risks in Africa’s Manufacturing Sector

Despite its importance, African manufacturing sector faces significant cybersecurity challenges. The increasing digitalisation of manufacturing processes, combined with the integration of IT and OT, has exponentially raised the risk of cyberattacks. This is becoming a systemic issue with the potential to destabilise entire economies.

“Manufacturers face unique vulnerabilities due to their reliance on outdated legacy systems that are hard to patch and the growing integration of operational technology (OT) and information technology (IT),” Dartnall says.

• Internet of Things

Additionally, the increasing use of Internet of Things (IoT) devices in Africa’s manufacturing facilities creates further vulnerabilities, enabling attackers to exploit weaknesses in factory networks.

• Ransomware

Manufacturers are particularly vulnerable to ransomware because attackers know that shutting down production can result in severe financial damage. These threats are no longer hypothetical: According to the Waterfall Security Solutions’ 2024 Threat Report , in 2023, 68 cyber-attacks in Africa’s manufacturing sector led to substantial operational disruptions, causing  physical damage across over 500 manufacturing sites, leading to production shutdowns and logistical delays. 

• Supply Chain Risks

Africa’s manufacturing supply chains are often intricate, involving numerous suppliers, contractors, and logistics providers, all of which can serve as entry points for cybercriminals. The rise of cloud services in manufacturing has also introduced risks related to misconfigured cloud settings, data breaches, and attacks targeting third-party services.

Economic Impact of Cybersecurity Breaches

The economic consequences of cybersecurity breaches in Africa’s manufacturing sector are profound. Cyberattacks not only lead to financial losses but also damage reputations, erode investor confidence, and disrupt national economies.

1.     Losses and Operational Disruptions

Cyberattacks that disrupt operations lead to substantial financial losses, including the cost of system recovery, production downtime, and data restoration. In 2023, the cost of cybercrime in Africa was estimated at $4.1 billion annually, with a significant portion attributed to manufacturing disruptions.

2.     Impact on GDP and Job Losses

In countries like South Africa, where manufacturing is a key driver of the economy, cyberattacks can significantly impact GDP. In 2024, cybercrime was estimated to cost South Africa nearly 1% of its GDP, according to Check Point’s 2024 African Perspectives on Cybersecurity Report. 

Furthermore, production shutdowns resulting from cyberattacks can lead to widespread job losses, especially in sectors like manufacturing where smooth operations are critical for employment.

Enhancing Cybersecurity While Improving Operational Efficiency

To mitigate these risks, African manufacturers must adopt a multi-layered cybersecurity approach that not only defends against attacks but also improves operational efficiency. One such solution is Secure Access Service Edge (SASE), which integrates networking and security into a unified system, helping manufacturers safeguard their networks while boosting productivity and minimizing downtime.

• Use Case 1: Operational Transformation

Take the case, for example, of an African manufacturer facing increased competition and pressure to reduce operational costs. After an internal audit, the company identified significant inefficiencies, including machine idle time, poor connectivity, and excessive IT tickets related to connectivity and security issues.

By implementing a SASE solution such as Check Point’s Harmony SASE, the manufacturer was able to address these challenges. The improved network performance resulted in faster access to cloud resources, eliminating bottlenecks and reducing downtime.

As a result, it saw a 23% improvement in on-time delivery rates and reduced machine idle time below industry benchmarks. In addition to enhanced security, the company saved money by retiring costly MPLS systems that were previously used to connect production facilities and warehouses.

• Use Case 2: Securing a Complex Supply Chain

Another example comes from African manufacturers with a highly complex supply chain, spanning multiple suppliers, remote employees, and third-party contractors. With so many entry points, the security team was concerned about breaches, particularly of the company’s research and development systems. 

After adopting a SASE solution such as Check Point Harmony SASE, the company strengthened its security posture by implementing a Zero Trust model that restricted supplier access to only necessary areas of the network. 

This approach segmented the network and reduced lateral movement, protecting sensitive systems. The results were significant: the company saw a 30% reduction in security alerts and successfully thwarted several unauthorised access attempts. Moreover, by improving security across the supply chain, the company enhanced its overall risk management.

The frequency and sophistication of cyber-attacks on the manufacturing sector are escalating, underscoring the urgent need for comprehensive cybersecurity solutions. 

“Manufacturers must view cyber security as a strategic tool that enhances both security and operational efficiency. By embracing technologies like SASE, manufacturers can protect against cyber threats while driving productivity, reducing costs, and gaining a competitive edge in the global marketplace,” Dartnall concludes.

In today’s digital manufacturing era, strong cybersecurity is not just an option—it is essential for long-term success.

This is according to Check Point Software Technologies’ January 2025 Global Threat Index, which reveals that FakeUpdates malware is at the top of cybercrime, enabling large-scale ransomware attacks across the continent.

FakeUpdates is a downloader malware that cybercriminals use to launch ransomware attacks. First detected in 2018, FakeUpdates typically infiltrates systems through deceptive browser update prompts on compromised websites.

Ethiopia Leads as Most Attacked

Ethiopia ranks first globally with a 100% Normalised Risk Index, making it the most targeted nation out of 109 surveyed. Zimbabwe, Angola, and Uganda follow, securing positions within the top 10. Nigeria, which was ranked 13th in the previous report, has moved up to 11th place with an increased risk index of 62.7.

The rankings for other African countries in the top 20 are:

• Zimbabwe – 5th place (77.7)
• Angola – 9th place (66.1)
• Uganda – 10th place (64.5)
• Nigeria – 11th place (62.7)
• Kenya – 14th place (59.4)
• Ghana – 16th place (58.9)
• Mozambique – 17th place (57.9)

South Africa, which previously ranked higher, has dropped three spots to 66th place, while Egypt ranks 97th, making it the least attacked country in Africa.

How FakeUpdates Malware Fuels Cyber Threats

Security experts have traced several ransomware attacks back to FakeUpdates, which continues to be a favoured tool among cybercriminals. A recent investigation found that an affiliate of the ransomware group RansomHub used a Python-based backdoor to maintain access and deploy ransomware. 

This technique, coupled with lateral movement via Remote Desktop Protocol (RDP), allowed attackers to establish prolonged access through scheduled tasks.

Maya Horowitz, VP of Research at Check Point Software, stated: “AI is transforming the cyber threat landscape, with cybercriminals rapidly evolving their methods, leveraging AI to automate and scale their tactics and enhance their capabilities. To effectively combat these threats, organizations must move beyond traditional defences and adopt proactive, adaptive AI-powered security measures that anticipate emerging risks.”

Other Malware Threats on the Rise

Beyond FakeUpdates, the report identified other highly active malware families:

• Formbook – An infostealer malware that extracts credentials, logs keystrokes, and downloads additional malicious files.
• Remcos – A Remote Access Trojan (RAT) that exploits Windows vulnerabilities to bypass security restrictions.

For mobile devices, the most active threats include:

• Anubis – A banking trojan capable of bypassing multi-factor authentication and recording keystrokes.
• AhMyth – A remote access trojan that disguises itself as a legitimate app to steal sensitive information.
• Necro – An Android malware that downloads and executes malicious components.

Most Targeted Sectors and Ransomware Groups

According to the report, the education, government, and telecommunications sectors are the most attacked industries globally. Among ransomware groups, Clop was identified as the most active, responsible for 10% of known attacks. It was followed by FunkSec (8%) and RansomHub (7%).

The findings highlight the growing cybersecurity risks faced by African nations, reinforcing the need for stronger digital defences against evolving threats.

The report revealed that eight African countries were ranked among the top 20 most attacked nations worldwide, with Nigeria placing 13th.

Ethiopia led the African rankings, topping the global list with a Normalised Risk Index of 98.2%, while Uganda, Angola, and Ghana secured the 8th, 9th, and 11th spots, respectively. 

Nigeria followed closely with a Normalised Risk Index of 62.3%. Other African countries on the list included Kenya (17th), Mozambique (18th), and Côte d’Ivoire (20th).

The African continent is being targeted for its growth in digital technology leverage, with cybercriminals using sophisticated tactics like artificial intelligence (AI)-driven ransomware.

One of the major groups in December was FunkSec, a new ransomware-as-a-service (RaaS) group responsible for 14% of all reported ransomware attacks that month. 

FunkSec’s growth has been linked to its AI-powered double-extortion techniques, where stolen data is both encrypted and held for ransom. Although many of FunkSec’s victim reports were questioned for authenticity, the group’s rise poses a huge threat to global cybersecurity.

In addition to FunkSec, other malware families such as FakeUpdates and AgentTesla were also disturbing threats in December. FakeUpdates impacted 5% of organisations globally, while AgentTesla used keylogging and credential theft to target 3% of businesses.

Mobile devices were not spared, with banking Trojans like Anubis and Necro exploiting vulnerabilities to steal credentials and install malicious software.

The growing sophistication of cyberattacks reiterates the need for enhanced cybersecurity measures. Maya Horowitz, vice president of Research at Check Point, emphasised that organisations must stay ahead of these threats by adopting advanced security tools to defend against AI-powered ransomware and other emerging risks.

Cybercriminals are targeting high-value systems and using sophisticated encryption methods to extort businesses. 

Hence, organisations must focus on building stronger defences against ransomware groups, including RansomHub and LeakeData, as mentioned in the global threat index report, strengthening their security strategies to mitigate the risks caused by these evolving threats.