Chief Technology Officer at Deimos, Jaco Nel, speaks with LAOLU AFOLABI about Africa’s rising cyber threat landscape. The CTO of the leading hybrid/multi-cloud professional services company specialising in cloud-native development and security operations sheds light on why Nigeria and South Africa are vulnerable to cyberattacks and offers insights into addressing these challenges.

Cyber threats are on the rise across Africa, with Nigeria and South Africa emerging as primary targets. What makes these nations particularly vulnerable, and how do their challenges stack up against those faced by other African countries?

Nigeria and South Africa are particularly vulnerable to cyber threats due to their economic prominence, high internet adoption, and rapid digital transformation. As two of Africa’s largest economies, they host significant financial activity and rely heavily on digital platforms, making them prime targets for cybercriminals seeking financial gain. Nigeria has a massive and growing online population, while South Africa boasts one of the highest internet penetration rates on the continent. This widespread connectivity increases the attack surface for malicious actors.

Both countries also face challenges with outdated infrastructure and legacy systems, which are more susceptible to exploitation. While their rapid digital adoption is a strength, it also leaves gaps in security preparedness, creating opportunities for sophisticated threat actors, including organised cybercrime groups and state-sponsored attackers.

Can you share a recent real-world example of a cyberattack that highlights the evolving nature of threats in Africa?

In April 2024, a Nigerian fintech company experienced a security breach leading to unauthorised transfers. While the company did not disclose the exact amount, reports indicated that up to N11bn (approximately $7m) was compromised. The attackers routed funds through multiple accounts across various financial institutions to evade detection, underscoring vulnerabilities in the fintech sector. This specific incident highlights the threat to fintech organisations at the forefront of technology in Africa.

With African governments enforcing stricter data sovereignty laws, what are the biggest security risks businesses now face?

The push for data localisation, along with growing concerns about privacy and security, is driving many African nations to introduce specific regulations dictating how and where data should be stored and processed. While this shift is crucial for protecting sensitive information, it also introduces new security challenges that businesses must navigate.

One of the biggest risks is that localising data, whether in on-premise data centres or local cloud platforms, creates highly concentrated targets for cybercriminals. The more data is clustered in local infrastructure, the more attractive it becomes for attacks, including ransomware, data breaches, and insider threats. The challenge for businesses isn’t just meeting compliance requirements; it’s ensuring that the data they are now required to keep within borders is properly secured against increasingly sophisticated cyber threats.

Regulatory fragmentation is another growing concern. With different countries implementing their versions of data sovereignty laws, companies operating across multiple markets may struggle to create a unified security strategy. The inconsistencies in compliance frameworks could leave businesses exposed to both security vulnerabilities and potential penalties for non-compliance.

To stay ahead, businesses will need to rethink their approach to security. Investing in stronger cybersecurity frameworks that protect data at rest and in transit will be essential. Finding the right cloud and technology partners, like Deimos, who understand Africa’s evolving regulatory environment will also be critical in ensuring compliance without compromising security. At the same time, companies and businesses will need to develop contingency plans for data breaches that align with local legislation to avoid costly penalties.

How should Nigerian businesses balance compliance with global cybersecurity best practices to avoid unintended risks?

Nigerian businesses should view compliance with local cybersecurity standards as the baseline rather than the complete solution. Compliance ensures adherence to essential security measures, but it doesn’t guarantee comprehensive protection. To avoid unintended risks, businesses need to establish a robust security strategy that goes beyond mere compliance and addresses all aspects of their operations.

A strong security posture requires adequate investment in skilled cybersecurity professionals and continuous training to raise security awareness across all levels of the organisation. By fostering a culture where security is a shared responsibility, businesses can better anticipate, detect, and respond to threats. Additionally, integrating compliance with a proactive approach to security — through regular risk assessments, updated incident response plans, and tailored security measures — ensures that organisations are prepared to handle evolving cyber threats, rather than simply meeting minimum requirements.
https://punchng.com/why-nigeria-safrica-top-cybercrime-hit-lists-deimos-cto/