Nigeria faced an unprecedented wave of cybercrime in the third quarter of 2025, with a shocking surge in digital security incidents. A new report reveals that data breaches targeting Nigerian organizations skyrocketed by 1,047 per cent compared to the previous quarter, marking a dangerous new phase in the country's digital landscape.
A New Attack Strategy: Identity as the Weapon
The Eagle’s Eyes Q3 2025 cybersecurity report, released on 2 December 2025, details this alarming escalation. The data shows Nigeria endured an average of 6,101 cyber attacks per week starting in July, a relentless pace that continued throughout the quarter. This period represents a turning point, not just in the number of attacks, but in their sophistication, with high-value institutions in the fintech sector becoming prime targets.
Forensic analysis by cybersecurity firm esentry uncovered a decisive shift in criminal methodology. Attackers have largely abandoned exploiting technical software vulnerabilities. Instead, they are now predominantly gaining access using legitimate login credentials. These usernames and passwords are often stolen from old data leaks or belong to former employees whose access was never properly revoked.
Investigators found numerous cases where intruders used dormant service accounts, expired identity tokens, and overlooked access rights to slip into corporate networks. This approach allows them to establish a hidden presence, avoid immediate detection, and prepare for large-scale data theft.
From Opportunistic Hacks to Organized Campaigns
This new pattern marks a clear departure from the random, opportunistic hacking of past years. Today's cyber criminals treat digital identity as the primary point of entry. They meticulously study an organization's internal trust relationships and exploit poorly secured access pathways. Nigerian and African institutions are now facing adversaries who operate with remarkable patience and precision, blending their malicious activity with normal user behavior to evade early security systems.
Gbolabo Awelewa, Chief Business Officer (CBO) of esentry, commented on the findings. He stated that Nigeria is no longer battling simple cybercrime but is confronting "organized, identity-driven campaigns that move with intent, patience and precision." He emphasized that this critical moment is also an opportunity for change. With proper controls, stronger identity oversight, and early-warning intelligence, Nigerian organizations can get ahead of these threats.
The Path to Cyber Resilience
The report notes that this global shift towards identity-based attacks is hitting Nigeria with unusual intensity. The nation's rapid digitization, combined with inconsistent identity management practices, has created a vulnerable environment. As core technical infrastructure becomes more secure, attackers are refocusing on human and procedural weaknesses—specifically, how identities are managed and monitored.
Looking forward, the esentry report projects that identity-based threats will define the cybersecurity challenges for Nigerian organizations in the coming year. With criminals refining these intrusion methods, the urgent recommendation is for institutions to reassess their security frameworks. The priority must be continuous identity oversight and adopting systems that can detect the misuse of credentials before it leads to major operational disruption.
The nation's overall cyber resilience will depend on how quickly businesses and government bodies recognize that identity is the new critical security parameter and realign their defenses to protect it.
