Nigeria’s growing exposure to cyber threats underscores the urgent need for enhanced cybersecurity across its critical sectors, namely, oil and gas, finance, government, and healthcare.
According to Check Point’s African Perspectives on Cyber Security Report 2024, Nigeria continues to experience one of the highest frequencies of cyberattacks in Africa, with organisations targeted an average of 3,759 times per week.
“This alarming statistic highlights the urgent need for robust cybersecurity measures to protect critical sectors, including oil and gas, finance, government, and healthcare,” the report stated.
Kingsley Oseghale, country manager for West Africa, Check Point Software Technologies, said, “Given the strategic economic significance of Nigeria’s oil and gas industry, it is vital that it prioritises its cybersecurity.”
Read also: Low margins, liquidity crunch put Nigeria’s downstream oil sector under pressure
The oil and gas sector is a cornerstone of Nigeria’s economy, contributing approximately 5.5 percent to GDP and accounting for about 90 percent of foreign exchange earnings, according to Statista. Beyond these figures, the industry also plays a vital role in funding infrastructure, public services, and social programs.
However, frequent cyberattacks are hindering the sector’s full potential. “Successful cyber-attacks on the energy sector as a whole can lead to operational disruptions, financial losses, and the compromise of sensitive data,” Oseghale added.
Nigeria holds the largest natural gas reserves in Africa. The current administration aims to position the country as a global gas hub, attracting international investments. The expected completion of the Dangote Refinery in 2025, with a refining capacity of 650,000 barrels per day, is projected to boost local economic growth and reduce fuel import dependence.
Globally, the oil and gas industry remains a high-risk target. A joint U.S. advisory, issued by the FBI, Cybersecurity and Infrastructure Security Agency (CISA), Environmental Protection Agency, and Department of Energy, warned operators to fortify their operational technology (OT) and industrial control systems against cyber threats.
The warning comes amid a rise in attacks by “unsophisticated” actors targeting energy and transportation systems.
In one notable incident in 2017, Check Point researchers uncovered a campaign led by a Nigerian individual who targeted over 4,000 organisations, including oil and gas firms. Posing as representatives from Saudi Aramco, the attackers used phishing emails to trick employees into revealing bank details or opening malware-laden attachments.
Read also: Nigeria’s oil sector and the ‘Very Bad People’
“Despite the relatively basic and elementary intrusion techniques used by these actors, the presence of poor cyber hygiene and exposed assets on these systems can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions, and, in severe cases, physical damage,” the federal government stated.
Check Point Research (CPR) notes that cybercriminals commonly exploit the oil and gas sector using malware and phishing emails to gain access to sensitive information.
Globally, phishing attacks surged in 2024, with email remaining the most common vector, used in 68 percent of attacks, according to Check Point’s The State of Global Cyber Security 2025.
“However, the most common vulnerability exploit type in Nigeria is information disclosure, impacting 80 percent of the organisations,” Oseghale stated. “This is often achieved through phishing emails.”
He added, “Implement strict policies and deploy endpoint protection to mitigate risks from personal devices accessing corporate resources.
“Leverage AI-driven tools to monitor and preempt disinformation campaigns and emerging threats and address known vulnerabilities proactively to limit exposure to widespread exploits.”
