Home » Security » Cyberthreats in Nigeria are rising, but businesses still lack strong identity protection
Microsoft Nigeria
Mohamed El Nemr, Modern Workplace and Security Business Group Lead for Microsoft Middle East and Africa Emerging Markets

Cyberthreats in Nigeria are rising, but businesses still lack strong identity protection

Microsoft’s threat and data research shows just 22 percent of Cloud Identity Solution and Azure Active Directory users have implemented strong identity authentication protection


Thought Leadership by Mohamed El Nemr:

What would you imagine your username and password are worth to a hacker? According to Microsoft’s latest threat and data research, the average price for 1,000 stolen username password pairs is around $0.97. What’s more, securing 400 million username and password combinations in bulk will earn a cybercriminal around $150.

There can be little doubt, cybercriminals have our passwords in their sights. This is particularly the case in Africa where businesses are often more prone to cyberattacks than companies anywhere else in the world. According to one report, Nigeria ranked third in Africa, experiencing 16.7 million cyberattacks. South Africa ranked first with 32 million attacks, followed by Kenya at 28.3 million.

With weak passwords, password spraying, and phishing the entry point for most attacks, identity is the new battle ground of cyberthreats. And for organisations looking to protect themselves, preventing an identity from being misused or stolen, is now the highest priority. As part of the first edition of, Cyber Signals, Microsoft’s new quarterly cyberthreat intelligence brief, we take a closer look at the dangers of the rising mismatch in scale of identity-focused attacks in relation to levels of organisational preparedness.

The brief, which offers an expert perspective into the current threat landscape, aims to be a valuable resource to Chief Information Security Officers in Nigeria, as they navigate the constantly changing threat landscape. Cyber Signals aggregates insights we see from our research and security teams on the frontlines, including analysis from our 24 trillion security signals combined with intelligence we track by monitoring more than 40 nation-state groups and 140 threat groups.

READ ALSO  How to Safeguard Your Phone Life

The newly released research shows that though threats have been rising fast over the past two years, there has been low adoption of strong identity authentication, such as multifactor authentication and passwordless solutions. In fact, just 22 percent of Microsoft’s Cloud Identity Solution, Azure Active Directory, users had implemented strong identity authentication protection as of December 2021. 

However, the consequences of a data breach are now front of mind for 64 percent of companies in the Middle East and Africa (MEA) according to current Microsoft-IDC research. In fact risk experts across MEA rank cyber incidents as the second highest risk facing the region, largely because of the increase in both size and expense of data breaches.

This is helping push organisations in Nigeria to pay closer attention to digital identities. As it stands, confirming user identities with an additional layer of security is a key priority over the next six to 18 months for 60 percent of businesses in MEA.

Recognising the danger that comes with remote work and increased digitisation another 75 percent of companies in MEA are actively investing in identity and access management.

The right multifactor authentication (MFA) and passwordless solutions can go a long way in preventing a variety of threats. In fact, according to Cyber Signals, basic security hygiene still protects against 98 percent of attacks. Key recommendations for organisations looking to increase their level of security include:

Implement zero trust to reduce risk

Nation-states play the long game and have the funding, will, and scale to develop new attack strategies and techniques. Your security team should prioritise implementing zero-trust practices like MFA and passwordless upgrades as part of a security baseline. They can begin with privileged accounts to gain protection quickly, then expand from there.

READ ALSO  NITDA sets new data safety agenda

Prevent passwords falling into the wrong hands

Enabling MFA is an important weapon in fighting back. By so doing, your organisation mitigates the risk of passwords falling into the wrong hands. You can take this a step further by eliminating passwords altogether and, at the same time, eliminating administrative privileges through passwordless MFA.

Though passwords are a prime target for attacks, they’ve long been the most important layer of security for everything in our digital lives. People are expected to create complex and unique passwords, remember them, and change them frequently, but this is highly inconvenient, and nobody likes doing that. Ultimately, a passwordless future is a safer future.

Review account privileges regularly

Privileged-access accounts, if hijacked, become a powerful weapon attackers can use to gain greater access to networks and resources. Your security teams should be auditing access privileges frequently, using the principle of least-privilege granted to enable employees to get jobs done.

Constantly verify the authenticity of users and activities

Another fundamental aspect of your security hygiene should be to thoroughly review all tenant administrator users or accounts tied to delegated administrative privileges. This will help your organisation verify the authenticity of users and activities. Your security team should then disable or remove any unused delegated administrative privileges.

Attackers are constantly raising the bar. But leading with identity-focused solutions, including enforcing MFA, adopting passwordless solutions, and creating conditional access policies for all users dramatically improves protection for your devices and data. If identity is the new battle ground, then zero trust is the must-have weapon for fighting back.  

READ ALSO  Nigeria Regulator Reinforce Ties With States On Public Safety


***IT NEWS NIGERIA Covid-19 appeal: Your support most needed. Kindly donate to our continuous effort to deliver ICT and business journalism. All finance support to: IT NEWS NIGERIA: (Naira) 2032063480 – First Bank; 1016142005 – Zenith Bank. USD ($): 2032412071 – First Bank; 5071081792 – Zenith Bank. Thank you.

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *



Check Also

Expert issues strong warning about WhatsApp security, urges actions

*’If you have WhatsApp installed on ...

Deepfake scams phishing malware

Most important security challenge to organisations in coming years

The lack of specialised skills in ...

New research says data breaches top list of security concerns for Nigerian CIOs

*The study reveals that 72 percent ...

U.S. hosts Cybersecurity seminar

The U.S. Consulate says it has ...

Retail Industry is the Second Most Targeted Industry by Ransomware in 2021, Sophos Survey Finds

*77% of Retail Organizations were Hit ...

%d bloggers like this:
Skip to toolbar