What we are witnessing is not a rise in scams, but the emergence of an industry.

The year 2025 marked a defining phase in Nigeria’s cybercrime evolution. What was once dominated by informal online fraud continued its transition into organised, technology-enabled criminal activity operating across borders.

This shift mirrored a broader continental trend, with cybercrime now accounting for a significant share of reported crime across Africa.

High-profile, intelligence-led arrests involving the Economic and Financial Crimes Commission and INTERPOL demonstrated both the scale of Nigerian-linked cybercrime networks and the growing effectiveness of international cooperation. These operations sent a clear signal: geography is no longer a shield for digital crime.

As Nigeria moves into 2026, the cybercrime landscape is set to evolve further rather than recede. Organised cybercrime groups are becoming more structured, adopting defined operational roles and leveraging artificial intelligence to scale fraud at speed.

AI-assisted social engineering will mature, enabling threat actors to generate highly convincing communications in English, Pidgin, and local dialects.

These context-aware attacks will exploit cultural familiarity, trust networks, and economic pressure, making deception harder to detect and easier to automate.

One of the most significant accelerators of this threat heading into 2026 is the continued rise of forex, crypto, and online investment scams.

Throughout 2025, cloned trading platforms, fake broker dashboards, social media influencers-driven “telegram groups,” and staged withdrawals proliferated, blurring the line between legitimate fintech innovation and criminal enterprise.

In 2026, these schemes will become even more sophisticate, supported by AI-generated testimonials, customer service personas, and long-con engagement models that keep victims invested emotionally and financially over time.

The misuse of AI will extend beyond messaging into the infrastructure of cybercrime itself. Threat actors will increasingly use AI to automate victim profiling, personalise scam narratives, manage mule networks, and optimise laundering routes across fintech platforms and digital payment rails.

Deepfake audio and video will feature more prominently in impersonation fraud, investment scams, and trust-based exploitation involving businesses, families, and faith-based institutions.

This evolution will place additional strain on identity verification, fraud detection, and digital trust mechanisms across Nigeria’s financial ecosystem.

International cooperation will be a defining factor in 2026. Building on the momentum of Africa-wide cybercrime operations in 2025, intelligence sharing, coordinated takedowns, asset tracing, and extradition efforts will lead to more frequent disruptions of Nigerian linked cybercrime networks.

While enforcement capacity will improve, criminal groups will continue to adapt, decentralising operations and recruiting technically skilled youth to replace those arrested, reinforcing the need for sustained, coordinated global engagement rather than isolated crackdowns.

From a GoLegit Africa perspective, 2026 represents both heightened risk and a critical opportunity. Enforcement remains necessary, but it is not sufficient.

Many individuals involved in forex scams and digital fraud are not ideologically criminal; they are economically motivated and technically capable. Without viable alternatives, the cycle of recruitment, arrest, and replacement will continue regardless of how many networks are disrupted.

The path forward is clear. Nigeria’s response to the automation of deception must balance global enforcement with local prevention, rehabilitation, and redirection. Investment in AI-enabled fraud detection, digital trust frameworks, and international cooperation must be matched with structured pathways that convert underground digital skills into legitimate cybersecurity, technology, and digital economy careers.

This is the space where GoLegit Africa operates, intervening early, rehabilitating offenders, and breaking the pipeline before crime becomes the default option.

The prediction for 2026 is simple but urgent; Nigeria’s cybercrime threat will continue to scale through automation, but our long-term resilience will be determined by whether we choose enforcement alone or enforcement combined with opportunity.

If we cannot out-educate, out-employ, and out-inspire organised cybercrime, we will continue to chase its symptoms rather than its source.

*Remi Afon is the founder of GoLegit Africa

In 2024, the global cybersecurity landscape is on the brink of a significant transformation, with the proliferation of AI-driven threats taking centre stage.

Adversarial machine learning, where attackers manipulate AI algorithms, is anticipated to become more prevalent, challenging traditional defence mechanisms.

Context-aware attacks are also expected to rise, showcasing a heightened level of sophistication as cyber threats adapt their strategies based on specific environments and security measures.

In 2024, an alarming trend on the cybersecurity horizon is the potential misuse of advanced language models, such as ChatGPT, by cybercriminals.

As these models become more sophisticated, there’s a risk of threat actors employing them to craft highly convincing phishing messages, social engineering tactics, and even automated attacks that exploit human-like interactions.

Cybercriminals will continue to leverage ChatGPT to generate realistic-sounding emails or messages, making it challenging for individuals to discern between legitimate and malicious communications. This poses a significant challenge for traditional email filtering and security measures.

2024 evolving threat landscape will include the ominous use of AI for crafting malware, posing an increased risk to organizations.

Malicious actors leveraging AI to design sophisticated and evasive malware will further strain cybersecurity defences, demanding innovative strategies to detect and neutralize these AI-generated threats.

Additionally, the threat of AI-driven Distributed Denial of Service (DDoS) attacks looms large. Cyber attackers are likely to exploit AI to orchestrate more complex and adaptive DDoS assaults, overwhelming organizations’ online infrastructure.

This necessitates a proactive approach to cybersecurity, incorporating advanced AI defences capable of swiftly identifying and mitigating evolving DDoS threats.

Deepfakes, powered by AI, are anticipated to pose a significant challenge to individuals and organizations alike.

The potential for cybercriminals to use AI to create highly convincing and deceptive multimedia content raises concerns about the authenticity of digital information.

Addressing this threat requires the integration of sophisticated AI-based detection mechanisms to identify and mitigate the impact of deepfakes on various fronts, including misinformation and reputational damage.

Furthermore, we foresee an increase in the use of AI in romance scams, highlighting the risk of cybercriminals leveraging advanced technology to manipulate and deceive individuals.

AI-driven chatbots and social engineering tactics will be employed to create highly convincing and personalized scams, making it difficult for individuals to discern between genuine and malicious interactions.

To counter these multifaceted AI-driven threats, organizations should adopt comprehensive AI-centric defence strategies.

Real-time threat intelligence, machine learning integration into threat hunting processes, and collaboration within the cybersecurity community will be crucial elements in staying ahead of evolving threats.

Implementing advanced NLP models to distinguish between genuine and AI-generated content, along with continuous monitoring and adaptation of security protocols, will be essential in mitigating risks associated with AI in crafting malware, orchestrating DDoS attacks, generating deepfakes, and executing romance scams.

The cybersecurity landscape in 2024 will witness a complex interplay between defenders and adversaries, with AI at the forefront of both offense and defence in the ever-evolving realm of cybersecurity.

Written by: Remi Afon, the Founder, Lynsec Cyber Security & GoLeget Africa.

Cybersecurity job is not for everybody; it take months, if not years, of learning, sacrifices and mastery to become a though leader in this field. Their stories should inspire you who is interested in taking up a career in cybersecurity.

Did you know that, according to the University of Maryland, hackers attack every 39 seconds, on an average of 2,244 times a day?

With the increase in the generation of digital data, it is anticipated that cyberattacks will quadruple shortly.

In this article, we are recognizing 10 influential thought leaders in cybersecurity. These are true thought leaders who are confident and clear in their purpose.

Others in this industry turn to them for guidance. It is important you follow these leaders to keep updated on cybersecurity matters:

1.  Adewale Peter Obadare (DrOPA)

Position: Co-Founder and Chief Visionary Officer (CVO), Digital Encode Limited.

Global #DrOPA is arguably the most credentialed Pan-African digital trust leader, cybersecurity strategist, GRC thought leader & global technopreneur with fifty Six (56) professional certifications and still counting.

He is a fellow of the British Computer Society (FBCS); fellow, Institute of Management Consultants (FIMC); fellow, Institute of Information Management (FIIM); fellow, Institute of Brand Management (FIBM); Chartered Information Technology Professional (CITP); the First

PECB Certified Data Protection Officer (CDPO) in Nigeria; the first Ec-Council Licensed Penetration Tester (LPT) in Africa; first Ec-Council Certified BlockChain in Africa; second COBIT 5 Certified Assessor in Africa Payment Card Industry Data Security Standard Qualified Security Assessor (PCI DSS QSA), amongst others.

To his credit, Dr. Obadare was awarded Honorarary Doctorate Degree in Cybersecurity from Trinity International University of Ambassadors Atlanta Georgia, United State of America.

Peter is a well-recognized subject matter expert with numerous successful engagements to his credit in Africa.

Obadare Peter Adewale’s list of credentials

DrOPA is a big dill in his field; the résumé is peppered with accomplishments anise common for him to command a large celery:

• Doctor of Human Letters – Cybersecurity (TIUA 2018)
• Harvard University Cybersecurity Risk Management (2018)
• Harvard Kennedy School (HKS LIDP 2017)
• Harvard Kennedy School (HKS CSX 2017)
• Harvard Business School (HBS LPSF 2014)
• MIT SLOAN School Of Management (ACE 2018)
• MIT SLOAN School Of Management (EDP 2016)
• MIT SLOAN School Of Management (GEA 2014)
• Oxford Blockchain Strategy Expert (2018)
• MIT Professional Education (CSX 2015)
• MIT Professional Education (CMBC 2015)
• FELLOW BRITISH COMPUTER SOCIETY
• FELLOW INSTITUTE OF INFORMATION MANAGEMENT
• FELLOW INSTITUTE OF MANAGEMENT CONSULTANT
• FELLOW INSTITUTE OF BRAND MANAGEMENT
• CHARTERED IT PROFESSIONAL
• COBIT®5 CERTIFIED ASSESSOR
• COBIT®5 IMPLEMENTATION CERTIFICATE
• COBIT®5 FOUNDATION CERTIFICATE
• IIB COUNCIL CERTIFIED BLOCKCHAIN PROFESSIONAL (C|BP
• PAYMENT CARD INDUSTRY PROFESSIONAL
• PAYMENT CARD INDUSTRY QUALIFIED SECURITY ASSESSOR
• ISO 27001 MASTER
• ISO 27001 LEAD AUDITOR
• ISO 20000 LEAD AUDITOR
• ISO 22301 LEAD AUDITOR
• ISO 27001 LEAD IMPLEMENTER
• ISO/IEC 27032 LEAD CYBERSECURITY MANAGER
• ISO/IEC 38500 LEAD IT CORPORATE GOVERNANCE MANAGER
• INTEGRATED MANAGEMENT SYSTEMS LEAD AUDITOR
• MCP, CCNA, CCDA, CCNP, CCDP, CCIE (Written), SMBE, SBCS, SNAA, QCS, CSA, MSA, CEH, ECSA, ECSP, CHFI, LPT.

Like the saying goes, Dr Obadare is an old salt who has mustard enough experience over thyme to become a sage.

2. Confidence Staveley

Position: Founder and Executive Director, CyberSafe Foundation

Confidence Staveley is Africa’s most celebrated female Cybersecurity Leader, an author, API security
professional, talent developer, international speaker, and inclusion advocate.

She is also the Author of API Security for White Hat Hackers: Uncover offensive defense strategies and master secure API implementation.

What sets Confidence apart is her innate ability to merge profound cybersecurity knowledge
with impeccable communication finesse.

She excels in translating intricate cybersecurity concepts into digestible, jargon-free insights for diverse audiences. Her unique approach is brilliantly showcased in her YouTube series, “API Kitchen” where she uses culinary metaphors to explain API Security concepts.

Within its debut season, this series amassed over half a million views across social media, as Confidence masterfully served up a banquet of API security wisdom.

• Here’s a summary of some of her achievements, recognitions and work:
• Winner, Cybersecurity Woman of the World, 2023 Edition
• ISC2 Global Achievement Awards (CEO Award) winner.
• Top 25 Leaders in Cyber Security 2024 (Cyber Security Hub)
• Spoken at several International Conferences like Payment Card Industry Security Standards Council (PCI SSC) Community meetings in North America, Europe, and Asia.
• 45 Most Influential Women in Digital Transformation 2021-2022
• ABCD Africa’s 50 Most Impactful Voices 2023
• Featured as 40 under 40 in cybersecurity 2023
• International Security Journal 2022 and 2023 influencer
• 20 African Women of Impact 2022 – Ventures Africa
• Built Africa’s biggest female-focused novice-to-professional, free cybersecurity training, mentorship, and placement program; CyberGirls Fellowship.
• CyberSecurity Woman of the Year Award winner 2021 and 2022
• 2022 Obama Africa Leader
• U.S State Department’s International Visitors Leadership Program (IVLP) Impact Awards.
• IFSEC Global Top Influencers in Security & Fire (One-to-Watch) for 2021
• Young CISO of the Year award 2021
• Led my team and 20+ cybersecurity experts across 7 countries to provide cybersecurity upskilling training to over 10,000+ employees of SMEs across 36 states in Nigeria.
• Listed as Top 50 Women in Cybersecurity in Africa 2020

3. Oluseyi Akindeinde

Position: Co-founder/Chief Technology Officer, Digital Encode Limited

With over two decades of expertise in the technology and information security sectors, Dr. Akindeinde, has recently dedicated a significant portion of his professional journey to understanding and addressing the security challenges within Electronic Funds Transfer (EFT) and Financial Transaction Systems (FTS).

He has share the findings of his comprehensive research work at an array of esteemed conferences and with prestigious organisations such as the Office of the National Security Adviser (Nigeria), Central Bank of Nigeria (CBN), Information Security Society of Africa – Nigeria (ISSAN), CCIBN, CIBN, EFCC, NSE, EPPAN, and the executive councils and senior management of numerous financial institutions across Nigeria, and beyond.

Dr. Akindeinde serves as an advisor to the Nigerian eFraud Forum (NeFF), a broad-based initiative by the CBN.

Beyond his advisory role, Seyi’s expertise has been sought by entities from various sectors including finance, manufacturing, oil and gas, telecommunications, as well as State and Federal Government Agencies.

He regularly provides enlightening presentations on current cyber security issues to the National Assembly, Defense Intelligence Agency (DIA), and Office of the National Security Adviser (NSA).

Recently, the digital juggernaut immersed himself in the realm of web3 and blockchain technology, concentrating on harnessing these innovative systems to enhance enterprise security.

His particular focus lies in applying these technologies to advance web and product authentication, identity and access management as well as web and IRL token gating using smart contracts.

Dr. Akindeinde is passionate about establishing and developing tech startups. He is involved in two ventures; first, Hyperspace Technologies, known for its groundbreaking product, cipherKEY tap2sign.

Their innovative patented product cipherKEY tap2sign harnesses NFC microchip technology to offer a passwordless, contactless, and trustless multi-factor authentication, identity and access management for web based applications. The technology also used in our Keymaster VAULT product, offers a low cost and secure, cold storage for digital assets.

The second startup, Neural AI, provides essential support to organizations intending to build and deploy Large Language Models (LLMs) for generative text.

Top skillsTop skills:

Blockchain • Cybersecurity • Artificial Intelligence (AI) • Near-field Communication (NFC) • Web3

4. Chukwuebuka Ume-Ezeoke

Position: Chief Technology Officer, CED Technologies

Chukwuemeka Ume-Ezeoke (CUE) is a technology advisor and entrepreneur who is highly driven with keen insights into understanding and interpreting various organizational demands.

With over a decade of technical experience and excellent skills in technology innovation, entrepreneurship, and business management, he has extensive experience developing and implementing technology strategies, solutions, and transformations for businesses in various industries like aviation, healthcare, oil&gas, dinancial, FMCG, and technology.

Through CED Technologies, as the CTO, they have partnered with Appknox the World’s highest rated mobile security solution on Gartner and G2 Crowd.

CUE continues to effectively manage technical and business teams in different countries executing a wide range of IT projects and strategic business solutions with industry leaders as he continues to encourage and share cybersecurity knowledge and help secure data in organizations across Africa.

Chukwuemeka Ume-Ezeoke is interested in solving business and economic challenges by identifying high-potential, technology-intensive business opportunities, gathering resources such as talent and cash, and managing rapid growth using principled, real-time decision-making skills.

He assists businesses worldwide make positive changes by utilizing top-notch technologies such as cloud solutions architecture, software development life cycle management, implementation & support, and cross-functional team coordination.

CUE also specializes in strategic business development, planning, execution, developing entrepreneurial skills, maintenance of technical services, client relationship management, cybersecurity, mobile & web application security services, decision making using a multiagent robotic system, training, and skill development for teams.

Top skillsTop skills: Agile Methodologies • Platform as a Service (PAAS) • Mobile Applications • Cybersecurity • Process Improvement

5. Jimi Falaiye

Position: Sophos Territory Manager for West Africa

Jimi Falaiye is a business sales and business manager with over 13 years of experience in the Information, and communication technology (ICT) industry in business development and sales of Software, IT infrastructure (Security and Networks), and other IT services within Nigeria and the West African Market.

Currently, he is the Sophos Territory Manager for West Africa, growing the sales revenue and expanding both customer and partner ecosystem within the region.

He previously worked in various roles with D-Link Networks West Africa, Cyberoam, Telesol (GH), etc.

Falaiye grew the Cyberoam business to become the go-to Unified Threat Management solution for various companies in Nigeria before transitioning and expanding the Sophos security solution business to Ghana and other West African countries.

He holds a Bachelor of Engineering Degree in Electrical Electronics Engineering and an MBA from the Business School Netherlands.

He has attended various short programs and courses in business management and sales. He has also won various awards including 3 consecutive Sophos President Club awards for overachieving set business sales targets.

6. Olufemi Ake

Position: Managing Director, ESET West Africa (Anglophone)

Olufemi is an experienced strategic business development and operations professional with more than seventeen (17) years of experience cutting across Real Estate, Oil & Gas, Finance, FMCG and Information Technology sectors with vast business knowledge of the United Kingdom and West Africa markets.

Olufemi served as the Managing Director at ESET in West Africa. He is responsible for the growth and wide adoption of cybersecurity within the West African (Anglophone) region comprising five (5) countries, Nigeria, Ghana, Liberia, Sierra Leone, and The Gambia.

He spearheaded the strengthening of the brand over the last 10 years by opening access to strong, trust-based relationships with private and public sectors and ensuring symbiotic business relationships and growth with partners of ESET within the operational markets.

In his quest to ensure digital security is widely accepted in this part of the world, he has championed various cybersecurity education programs at schools, large and small corporations, and public sector institutions by creating awareness of the importance.

He has also written numerous articles and press releases, which often serve as advisories to Information Technology (IT) professionals on ethics, compliance, risk, and governance in corporate environments.

He attended the University of Sheffield in England with Honors and has been in a couple of business schools since graduation.

He is certified in Strategic Management and Innovation for Sustainable Business Growth at the China-Europe International Business School (CEIBS). In 2022, he was selected as one of the four IFSEC most influential security professionals in Africa.

7. UMAR SA’AD

Position: Manager Information Technology, ANOH Gas Processing Company Limited.

Umar Sa’ad is one of the influential thought leaders in cybersecurity; a seasoned expert with over a decade of experience countering emerging cyber threats.

He specializes in detecting threats, assessing vulnerabilities, and responding to incidents by designing comprehensive security programs that combine technology, processes, and human behavior.

With skills in network architecture, penetration testing, and risk management, Umar currently holds the positions of Vice President at the Cybersecurity Experts Association of Nigeria (CSEAN) and IT Manager at ANOH Gas Processing Company (AGPC); a leading midstream energy company in Nigeria.

He holds an MSc in Computer Networking and key certifications including CEH, CISM, and ISO 27001 Lead Implementer, remaining on the cutting edge of cybersecurity advancements.

8. Chinenye Chizea

Position: Security Architect and Technical Lead, World Bank/FGN Digital Identification for Development (ID4D) project.

Chinenye Chizea has over 20 years’ professional experience from a diverse background in Information Security, IT management, Enterprise Architecture, Privacy and Compliance. She is named among IFSEC Global’s Security & Fire Influencers 2021 Security Executives.

Chinenye is an advocate of implementing best practice security risk controls, common security frameworks and standards within an organization.

Her broad technical background built over the years in the UK and in Nigeria has equipped her with the skills and knowledge in areas relating to corporate governance, regulatory compliance, digital transformation, risk management,business continuity, information security and assurance.

Chinenye was the first female CISO for National Identity Management Commission (NIMC).

A role that had her accountable for ensuring the security of her organizations information assets as well as driving her organizations certification in ISO/IEC 27001:2013 and PCI DSS Program. Chinenye participated in the review of Nigeria’s 2021 National Cybersecurity Policy and Strategy (NCPS).

Her current role sees her consulting for the World Bank/Federal Government of Nigeria (FGN) digital identity for development (ID4D) project on security and privacy.

She has served in varying committees, and is frequently interviewed, and invited to speak at varying platforms on cybersecurity, privacy, compliance and related corporate governance responsibilities. She has Master’s degree in Information Technology, a Bachelor’s degree in Engineering Physics, and holds several industry certifications including CISSP, ISO/IEC 27001:2013 Master, MCSE_Private Cloud, OCP, ITIL and Cisco certifications.

9. Remi Afon

Position: Pioneer President, CSEAN, and the Founder GoLegit Africa

Remi Afon is a dynamic and results-oriented Cyber Security Specialist with an exceptional track record of success.

With over two decades of IT experience and a solid academic foundation, including a BSc in Computer Science from the University of Ilorin, an MBA, and an MSc in Information Security from Royal Holloway University of London, Remi brings a wealth of expertise to the table.

A true luminary in the field, Remi is not only a sought-after speaker at prestigious conferences, summits, and seminars, but also a strategic thinker who has consistently delivered outstanding results in overseeing diverse corporate IT projects.

Remi’s contributions extend beyond the boardroom, as he actively shapes the strategic planning and deployment of information security solutions that seamlessly align with both business and governmental objectives.

Remi Afon is not just a cybersecurity professional; he’s a mentor and coach, recognized for his exceptional skills in the field.

He has authored educational materials for the Infosec Institute, Chicago USA and holds esteemed roles as a PECB & CEH Certified Trainer.

Currently, Remi’s focus is on the strategic implementation of cloud migration security solutions and ensuring robust application security for both public and private sector entities. His unparalleled expertise in core security operations serves as a strong foundation for these endeavors.

In addition to his impressive career, Remi is the pioneer and immediate past president of the Cyber Security Experts Association of Nigeria (CSEAN), demonstrating his commitment to advancing cybersecurity in Africa.

He is also the Founder of GoLegit Africa, an innovative initiative aimed at rehabilitating cybercriminals. Furthermore, Remi Afon has established Penayde Cybersecurity Limited in the United Kingdom and Lynsec Cybersecurity Solution in Nigeria, cementing his status as a visionary leader in the cybersecurity landscape.

10. Uchenna Jerome Orji

Position: Research Fellow, African Centre for Cyber Law and Cybercrime Prevention (ACCP)

Meet Dr Uchenna Jerome Orji, an Attorney admitted to the Nigerian Bar. He holds an LL.B from the University of Nigeria, and an LL.M from the University of Ibadan, with specialization in cybersecurity and information technology law.

He also holds a PhD in Law from Nnamdi Azikiwe University, Nigeria, with specialization in telecommunications law.

Dr. Orji is a Fellow of the African Center for Cyber Law and Cybercrime Prevention within the UN African Institute for the Prevention of Crime and the Treatment of Offenders in Kampala, Uganda.

He is the author of Cybersecurity Law and Regulation (Wolf Legal Publishers: The Netherlands, 2012), International Telecommunications Law and Policy (Cambridge Scholars Press: United Kingdom, 2018), and Telecommunications Law and Regulation in Nigeria (Cambridge Scholars Press: United Kingdom, 2018), in addition to several peer reviewed law journal publications. He is a recipient of a national award (the Dangote Prize) for the best overall essay in the fourth edition of the Nigerian Ships & Ports National Essay Competition.

Recently, he has participated as an expert in notable projects including the Council of Europe Cybercrime@Octopus Project; the Commonwealth Virtual Currency Project; the Dutch Terre des Hommes’ Sweetie 2.0 Project; and the GSMA E-Health Regulatory Framework for Africa. In 2016, he was appointed as the resource person/professor of cybersecurity law and policy for the CODESRIA African Cybersecurity Governance Institute.

He has been a speaker at several high-level international conferences including the Hague Global Conference on Cyber Space; the NATO CCD COE’s International Conference on Cyber Conflict; and the Asian Security Conference, and also works as a legal consultant for local and international organizations.

Dr. Orji specializes in cybersecurity & cybercrime law; data protection law; telecommunications law; information technology law; money laundering law; development law; trade law.

=====

(Sources: CSEAN, LinkedIn, Corporate and Individual websites, Profiles)

Prof. Pantami had on Tuesday in a statement signed by his spokesperson, Uwa Sulaiman, disclosed that 12.99 million cyberattacks were recorded during election week.

According to the statement, there were 6.99 million attacks on February 25th, which was the election day with those attacks including a series of hacking attempts such as Distributed Denial of Service (DDoS), email and IPS attacks, SSH login attempts, brute force injection attempts, path traversal, detection evasion, and forceful browsing.

“Generally, threats to public websites and portals averaged around 1,550,000 daily. However, this skyrocketed to 6,997,277 on Presidential Election Day. Within 24th February 2023 and ended on 28th February 2023, a total of 12,988,978 attacks were recorded, originating from both within and outside Nigeria,” the statement disclosed.

But in a reaction to the statement, Mr. Remi Afon, United Kingdom based cybersecurity expert challenged the Minister to break down how his ministerial standing committee on an advisory role for the protection of cyberspace and ICT came about the figure which is unprecedented in the history of cyberattacks globally.

“It will do Nigeria a lot of good for the Minister to break down how his ministerial standing committee on an advisory role for the protection of cyberspace and ICT came about the figure which is unprecedented in the history of cyberattacks globally,” Remi Afon, who is the immediate past President of Cyber Security Experts Association of Nigeria (CSEAN) queried.

He noted that if the figures released by the Minister are true, which he doubts, then a “state of national cybersecurity emergency” should be declared.

“Ukraine suffered 2,194 cyberattacks in 2022, with 1,655 coming after Russia’s February 24 invasion, according to the Ukraine government. On the other hand, Nigeria purportedly suffered close to 13 million cyberattacks just in four days because of an election,” he queried further.

Meanwhile, Remi Afon, who should know argued that it is possible to have several events during the period specified, which does not necessarily translate into an incident or cyberattack. Also, for example, a distributed denial of service (DDoS) attack should be classified as one cyberattack and not, for argument’s sake, 100,000 attacks because they are launched from multiple devices that were distributed across the Internet.

According to him, it is within the remit of the Nigeria Computer Emergency Response Team ngCERT under the Office of the National Security Adviser to provide authentic information about cyberattacks and not a ministerial committee.

According to Security Magazine, there are over 2,200 attacks daily, breaking down to nearly one cyberattacks every 39 seconds. With around 2,220 cyberattacks daily, that equates to over 800,000 attacks yearly.

Speaking at the Nigeria 2023 Cybersecurity Perspective, a webinar organized by ISC Nigeria Chapter, Mr. Remi Afon, Founder of Lynsec Cybersecurity Solution, argued that there is a lack of transparency in reporting cybersecurity breaches.

ALSO: NIGERIA: CSEAN Releases National Cyber Threat Forecast 2023

This, according to him has remained a significant challenge.

Mr. Remi Afon, who is the immediate past President of the Cyber Security Experts Association of Nigeria (CSEAN), also noted that while all the cybersecurity predictions of CSEAN came to pass, 2023 will continue to witness cyber-attacks owing largely to the huge adoption of Information Technology by government, corporate organisations and individuals.

According to him, the sector that will be most affected is financial institutions, especially Fintech, which he argued is not fully regulated. Thus, leaving many gaps for cyber criminals to thrive.

Other sectors that will be largely affected include the Small and Medium Enterprises, (SMEs), which he noted do not have the resources to fortify their cybersecurity defense and the academia, where many students leverage their infrastructure to launch attacks.

Listing some other challenges that Nigeria as a country and corporate organizations will experience in 2023, Mr. Afon said insider threats and lack of capacity in terms of cybersecurity personnel top the chart.

He believes that Nigeria will continue to suffer from what he described as JAPA syndrome, where many young Nigerians have left the country to get employment outside. “Nigeria doesn’t pay to appreciate skills so many young people will naturally go where they are well paid. So JAPA syndrome will continue to be a challenge,” he said.

Meanwhile, Abdul-Hakeem Ajijola, Executive Chairman, Consultancy Support Services Limited has advised the government and corporate organisations to develop the cybersecurity space in Nigeria, stressing that owing to the adoption of technology in every area of life, cybersecurity will continue to grow in leap and bound.

“Nigeria needs to develop its cybersecurity space by enhancing the incidence response plan, build cyber defense capability and legal processes as the cybersecurity market in Africa is around $ 3.5-4.6 million dollars,” he advised.

The Nigeria 2023 Cybersecurity Perspective was organized to create some forms of awareness and cybersecurity readiness for individuals, corporate organizations and the government.

This happened barely two hours after the EFCC secured the conviction of three smugglers – arrested with 1,144 ATM Cards at the same airport.

It is becoming clear that cybercrime is no longer the exclusive preserve of the southern part of Nigeria; with Lagos notoriously known as the “cybercrime capital of West Africa”, the crime is fast spreading like wild fire to other parts of the country.

The year 2021 witnessed massive cyberattacks that affected private organisations, government agencies, individuals, and supply chains globally. Nigeria had its fair share of cyberattacks and compromise albeit largely underreported.

On December 9, an acute Remote Code Execution (RCE) vulnerability was reported in the Apache logging package Log4j 2 versions 2.14.1 that shook the internet.

By December 10, more than 3.7 million hacking attempts had been made to exploit the vulnerability, according to leading cybersecurity firm Checkpoint, with more than 46% conducted by known malicious groups.

2022 is expected to witness an escalation in cyberattacks and cybercrime from what we witnessed in 2021.

The 2022 Nigeria Cybersecurity Threat Landscape enunciated here is based on cybersecurity trends in Nigeria and around the world, coupled with insights from leaders and global experts who assess the evolving cyber environment and the security threats we currently face.

From Ransomware and Business Email Compromise (BEC) scams to deepfakes, these predictions are based on existing trends while incorporating the behaviour of cybercriminals and changing technological innovations.

The year 2021 witnessed unprecedented Ransomware attacks with the rise of Ransomware-as-a-Service (RaaS) groups on the Darkweb. The average amount of reported Ransomware transactions per month in 2021 was $102.3 million, according to FinCEN Report.

Approximately 37% of global organizations said they were victims of some form of a Ransomware attack in 2021, according to IDC’s “2021 Ransomware Study.”

In 2022, the Ransomware threat and level of severity of ransomware attacks will grow. With Ransomware becoming the new digital pandemic, we expect to see the highest reported ransom paid by organisations in 2022 and disruption of service with maximum impact in terms of financial loss.

The loss would not only be calculated based on ransom paid, but in terms of financial losses due to service unavailability, loss of market share, and a drop in stakeholder confidence, amongst other factors.

As the 2023 Nigeria general elections draw nearer, the use of Deepfakes and fake news will rise in 2022. Deepfakes are videos, images, or audio recordings that are manipulated by AI technology.

In a deepfake, an individual can be presented as saying or doing something that didn’t happen.  Deepfakes are typically used to slander targets, manipulate events, falsify statements, or evidence, and create scandals. They’re made with artificial intelligence software that maps targeted people’s faces into scenes and onto other people’s bodies, or otherwise manipulate parts of videos.

The Deepfakes threat has also been used to facilitate business email compromise (BEC) fraud, bypass Multi-Factor Authentication (MFA) protocols, and Know Your Customer (KYC) ID verification, and will be increasingly used in 2022 and beyond.

Closely related to Deepfakes is Fake news.  Fake news has become a new attack vector in the past few years.

Throughout 2021, misinformation was spread about the COVID-19 pandemic, and vaccination information with the black market for fake vaccine certificates and fake PCR test results expanding globally, with several countries recording fake vaccine and test certificates for travellers. Fake ‘vaccine passport’ certificates are now on sale for $100-120  in the darkweb.

In 2022, cybercriminal groups will continue to leverage these types of fake news campaigns and fake covid documents to execute cybercrime through various phishing attacks and scams. Other likely effects of the election season are website defacement, DDoS attacks, spear phishing, and BEC.

The growth of cloud adoption through 2022 will coincide with the increase of cloud compromise and abuse. As organizations continue to rely on the cloud and cloud-hosted third-party providers, those third parties face mounting pressure to maintain confidentiality, integrity, and availability of customers’ data.

Cloud security misconfiguration and supply chain attacks will rank among the top cyber threats in 2022.  Towards the end of 2020, there was a devastating SolarWinds breach and in July 2021, the REvil ransomware gang exploited a Zero Day in Kaseya VSA to launch a supply-chain attack on its customers.

Neither of these attacks occurred in isolation. In 2022, we can expect that cybercrime gangs will continue to seek ways to hijack the digital transformation of organisations to deploy malicious code, infiltrate networks, and gain persistence in systems all over the world.

Insider threats pose a serious challenge for banks and other financial institutions in Nigeria.  Collusion between trusted insiders and cybercriminals will continue to increase in 2022.

The majority of frauds in the banking sector were perpetrated through insider information leaks. Fake alerts, sim swap scams, ATM card clones, use of ATM skimmers, and the likes, are highly successful when a bank insider is involved.

An insider threat is a malicious threat that comes from people within the organisation, such as employees, former employees, contractors, or business associates, who have privileged information concerning the organisation’s mode of operations and access to confidential information, which can assist cybercriminals to compromise the organisation or its customers.

According to a report by Abnormal Security in August 2021, a Nigeria-based ransomware gang was conducting a campaign that dangles a $1 million bribe, or a portion of any ransom collected to employees of targeted organisations if they will install ransomware on their corporate network.

It is expected that this kind of baits will be taken by more insiders in 2022 as inflation and other economic ills make life tougher for the average Nigerian.

The shift to remote work has moved from a temporary measure to help curb the spread of the virus to a more permanent strategy for many businesses.

A global survey conducted by Gartner found that 88% of organisations all over the world mandated or encouraged all their employees to work from home as the coronavirus started to spread at exponential rates. Furthermore, about 97% of the organizations immediately cancelled all work-related travel.

According to Gartner, almost 50% of employees will continue to work remotely post COVID-19. With the Omicron covid variant spreading globally, remote working will continue to be the preferred option for a very long time. Remote work will also continue to be exploited by cybercriminals in 2022.

This will come in form of phishing, man-in-the-middle attacks, malware attacks, and session hijacking.

Remote working has reshaped the threat landscape and has created new opportunities for attackers to change their approaches; and we expect this to get worse in the New Year. With more attackers entering the market with malware-as-a-service campaigns, bad actors will continue to target the essential tools that the virtual workforce is using.

These include Virtual Private Networks (VPN); which have weak security, exposed servers, and exchange email services and web applications.

Attackers will continue to exploit these servers and services or brute force them due to inefficient hardening practices.

Remi Afon is the President, Cyber Security Experts Association of Nigeria (CSEAN)