Nigeria’s rising data breaches drive urgent need for enhanced data security

Joy Agwunobi

Nigeria has embraced a technological revolution that has breathed new life into its business landscape and nurtured a flourishing online economy. With affordable connectivity driving innovation, the nation finds itself in the throes of remarkable transformation. Yet, this progress brings with it a new challenge- balancing the wonders of a connected world with the pressing need for data privacy and protection.

As citizens increasingly upload sensitive personal information, such as National Identification Numbers (NIN) and Bank Verification Numbers (BVN), there are indications that the vulnerabilities in the system have been laid bare. Data breaches have left millions exposed to the predation of scammers, identity thieves, and other cybercriminals, casting doubt on the efficiency of Nigeria’s data protection laws and their enforcement.

Although the Nigeria Data Protection  Commission (NDPC) and the Nigeria Data Protection Act (NDPA) have aimed to establish a solid foundation for protecting citizens’ data rights, there are still evident gaps in the system. According to a report by cybersecurity firm Surfshark, data breach incidents in Nigeria have witnessed a sharp 64 percent increase in the first quarter of 2023, with 82,000 cases of data breaches recorded between January and March, placing Nigeria 32nd on the global list of countries most affected by such incidents.

In January 2024, the NDPC reported that it was actively investigating 17 major data breach cases across various sectors, with financial institutions topping the list. Banks and other financial service providers accounted for the majority of these cases. Additionally, the commission stated that it received over 1,000 data breach complaints in the first quarter of 2024 alone, highlighting the severity of the issue.

Amid escalating privacy concerns and the implementation of regulations like Nigeria’s Data Protection Act of 2023, analysts have pointed out that the urgency for businesses and individuals to comply with data protection laws and adopt proactive privacy measures is paramount.

Wole Abu, CEO of Liquid Intelligent Technologies, underscored the significance of data protection for businesses and individuals, stating the need to prevent cybercriminals from exploiting sensitive information. He stressed the importance of a strong government network to regulate data usage, collection, and transmission, enabling individuals and organisations to effectively detect, prevent, and respond to escalating cyber threats.

Abu acknowledged the rapid evolution of the digital economy, which has enabled unprecedented global interconnectedness and made the seemingly impossible a reality. He noted that with digital infrastructure facilitating financial transactions and information exchange worldwide, individuals and businesses are more connected than ever before.

Despite the exciting possibilities presented by this new era, the CEO of Liquid Intelligent Technologies,  emphasised that it also brings significant challenges, particularly in terms of data protection and privacy.

According to the technology expert, data encompasses a wide range of personal information, including details like gender, location, and online activities. He therefore highlighted the critical importance of safeguarding this data. In addition to regulatory measures, he stressed the need for increased public awareness and education on data privacy and protection.

Abu underscored the importance of adopting basic yet critical measures to protect personal data. He advised individuals to take the following actions:

-Set up multi-factor authentication to add an extra layer of security to their accounts.

       -Enable automatic updates to ensure their devices and software have the latest   security patches and features.

  -Utilise unique, strong 16-digit passwords for each account on their devices to minimize the risk of unauthorized access.

Adu also highlighted the importance of implementing mandatory cybersecurity training and awareness programmes within businesses to combat evolving threats like phishing and social engineering. Additionally, he noted that regular penetration testing is essential for companies to identify vulnerabilities and stay ahead of emerging cyber threats.

As AI-driven bots become more accessible and affordable, cybercriminals can automate attacks with greater ease. In light of this, Abu stressed the critical need for organisations to invest in robust security frameworks to safeguard their systems. He noted that by adopting these measures, businesses can mitigate the risks posed by the ever-changing digital landscape and protect themselves and their customers from potential cyber attacks.