Follow Us on Google
From Adanna Nnamani, Abuja
The Nigeria Data Protection Commission (NDPC) has raised the alarm over escalating cyber threats targeting the nation’s financial systems and critical digital infrastructure, warning organisations to urgently strengthen their data security frameworks.
In a regulatory advisory issued on Wednesday, the Commission disclosed that its technical assessment had uncovered coordinated activities by shadowy threat actors aimed at compromising sensitive data and disrupting key systems across the country.
The NDPC said the development poses significant risks to financial institutions, government agencies, and other data controllers and processors.
The Commission reminded public institutions of the directive by President Bola Tinubu, which emphasises the importance of safeguarding data as a national asset.
According to the advisory, all Ministries, Departments and Agencies (MDAs) are required to rigorously capture and protect data in line with the provisions of the Nigeria Data Protection Act, 2023.
To mitigate the growing threats, the NDPC urged organisations to immediately step up both technical and organisational measures.
These include appointing certified Data Protection Officers, implementing robust privacy policies, conducting Data Privacy Impact Assessments, and deploying stronger identity and access controls such as Multi-Factor Authentication (MFA).
Other News
The Commission also emphasised the need for advanced cybersecurity measures, including zero-trust architecture, network segmentation, real-time monitoring, and encryption protocols.
It further advised organisations to carry out regular vulnerability assessments and penetration testing, while ensuring continuous system updates and patch management to address emerging risks.
Reiterating its commitment to protecting personal data, the NDPC warned that failure to comply with the provisions of the Nigeria Data Protection Act could attract legal consequences.
It, however, assured stakeholders of regulatory support to help strengthen data privacy and security across all sectors of the economy.
“Our technical assessment has revealed coordinated and increasingly sophisticated activities by threat actors targeting financial systems and critical digital infrastructure across Nigeria.
These attacks are not isolated incidents but part of a broader pattern that demands immediate and decisive action from all data controllers and processors.
“Data controllers and processors must, as a matter of urgency, strengthen their technical and organisational safeguards. This includes the deployment of multi-factor authentication, adoption of zero-trust security architecture, continuous system monitoring, and timely remediation of identified vulnerabilities. The protection of personal data is not optional but a legal and regulatory obligation under the Nigeria Data Protection Act, 2023.
“Organisations that fail to implement adequate data protection measures risk significant legal and financial consequences. The Commission remains committed to providing necessary regulatory support, but compliance is mandatory. Safeguarding personal data is central to building trust, ensuring national security, and sustaining Nigeria’s digital economy,” the NDPC warned.
