Follow Us on Google
By Chinenye Anuforo
Digital Encode Limited, an information security and Governance, Risk and Compliance (GRC) advisory firm, has raised concerns over a recent surge in cybersecurity breaches affecting financial institutions, government agencies, fintech firms and other organisations across Nigeria.
The firm, in a cybersecurity advisory issued on Tuesday, warned that threat actors have increasingly targeted both public and private sector institutions, exposing sensitive data and highlighting weaknesses in existing cybersecurity frameworks.
According to the advisory signed by the Chief Visionary Officer of Digital Encode, Prof. Obadare Adewale Peter, many of the recent breaches were not the result of sophisticated cyberattacks but stemmed from basic security lapses and poor implementation of existing safeguards.
He noted that attackers are increasingly exploiting misconfigured systems and publicly exposed digital assets, including unsecured databases, open cloud storage platforms, leaked application programming interface (API) keys and internet-facing servers.
According to him, such vulnerabilities are often easily discovered through publicly available repositories, cloud indexing tools and dark web marketplaces.
The firm identified several areas of concern, including publicly accessible cloud storage exposing customer and operational data, hardcoded secrets in web and mobile applications, leaked credentials, weak internal access controls, exposed administrative endpoints and inadequate vendor risk management practices.
Other vulnerabilities highlighted include poor authentication controls, weak token lifecycle management and the uncontrolled use of third-party hosting platforms.
Digital Encode noted that these weaknesses are prevalent across several sectors, particularly financial institutions, payment service providers, fintech companies and government platforms.
Other News
Prof. Peter said organisations affected by recent breaches were largely compromised due to failures in enforcing existing security controls rather than advanced hacking techniques.
“Organisations must ensure that cloud resources linked to their operations do not permit anonymous access. They must also verify that cloud credentials and API tokens are not exposed in repositories, container registries or deployed applications, while ensuring that all APIs enforce proper authentication and authorisation controls at all times,” he said.
The firm stressed that most of the identified risks can be mitigated through readily available security tools and industry best practices, pointing to what it described as a significant gap between cybersecurity policy and implementation.
As part of its recommendations, Digital Encode urged organisations to immediately conduct comprehensive audits of all internet-facing assets, including third-party systems, and revoke or rotate exposed passwords, API keys and access tokens.
The company also advised organisations to review historical logs for evidence of prior compromise, strengthen monitoring and threat detection systems, remediate identified misconfigurations and engage vendors to address third-party security risks.
It further emphasized the need for greater visibility into shadow IT systems and unauthorised deployments, warning that such environments increasingly serve as entry points for cybercriminals.
Reaffirming its commitment to supporting organisations through security assessments and control validation services, Digital Encode urged businesses and public institutions to adopt a proactive approach to cybersecurity.
“We strongly advise that this advisory be actioned without delay. Proactive security hygiene, rather than reactive response, will determine resilience in Nigeria’s evolving threat landscape,” Prof. Peter said.
