Nigerian banks are increasingly finding themselves in the crosshairs of cybercriminals, with incidents of cyberattacks on financial institutions rising significantly.
Recently, Guarantee Trust Bank Plc (GTBank) confirmed an attempted hack on its website, just a day after renewing its domain name. This attack, which temporarily disrupted online services, raised concerns among customers about the potential compromise of sensitive data.
In response to fears that the bank’s website had been cloned and customer data exposed, GTBank swiftly issued a statement to reassure its customers.
The bank clarified that the hacking attempt was unsuccessful, the website was not cloned, and no customer data was compromised. GTBank also emphasised that customer information is not stored on the website, further assuring that its Information Security team is working tirelessly to restore full functionality to the site.
Read also: Afreximbank reports improved H1 scorecard despite economic headwinds
The timing of this cyberattack was particularly sensitive, coming just days after GTBank closed its Offer for a Subscription of 9 billion Ordinary Shares at N44.50 per share, aiming to raise N400.5 billion.
The subscription period, which ran from July 15 to August 12, 2024, is part of the bank’s effort to meet the recapitalisation target set by the Central Bank of Nigeria (CBN). This incident sends a stark warning to other financial institutions currently raising capital that they, too, are vulnerable to cyber threats.
Read also:
The rising tide of cybercrime in Nigeria
Nigeria has seen a dramatic increase in cybercrime in recent years. The Economic and Financial Crimes Commission (EFCC) reported that the country lost a staggering $706 million to cybercrime in 2022. Ola Olukayode, the EFCC Chairman, revealed that the commission had to freeze more than 300 bank accounts to protect the naira from further cyberattacks.
The Nigerian Communications Commission (NCC) corroborated these concerns, noting that Nigerian banks lost N8 billion to cybercrime in 2022.
Additionally, the NCC reported that Nigeria is losing $500 million annually to cybercriminal activities. These figures underscore the growing financial toll that cybercrime is taking on the country’s banking sector.
In 2021 alone, Nigerian banks reported financial losses of N193.5 billion ($544 million) due to fraudulent activities, a significant increase from the N153.4 billion ($431 million) lost in 2020.
This trend continued into 2022, with losses reaching N273 billion ($762 million). Projections for 2023 suggest that these losses could exceed N300 billion ($833 million), highlighting the urgent need for stronger cybersecurity measures across the sector.
The vulnerability of Nigeria’s banking sector
A report by the Financial Institutions Training Centre (FITC) revealed that Nigerian banks lost N2.72 billion to cybercrime-related activities in the first half of 2022 alone.
Fraudulent loans accounted for the highest loss, representing 94.35 percent of the total amount lost in the first quarter of 2023, equivalent to N5.46 billion.
Mobile fraud contributed to 3.39 percent of losses, totalling N196 million, while computer and web fraud withdrawals accounted for 1.03 percent, or N59.5 million.
The report also noted a 6.4 percent decrease in outsider involvement in fraud cases from the first to the second quarter of 2023, but there was a troubling 22.22 percent increase in fraud cases involving bank staff, rising from 72 cases in Q1 to 88 in Q2.
Emerging threats and the way forward
One of the most concerning trends is the rise of mobile money SIM swap fraud, which cost telecommunications consumers more than N20 billion ($55 million) in 2022, according to the NCC.
This method of fraud, which hijacks mobile money accounts, underscores the vulnerabilities of digital payment platforms and the need for enhanced security protocols.
Phishing attacks, in which cybercriminals pose as legitimate institutions to deceive individuals into divulging sensitive information, have also become more prevalent. A 2023 report by Check Point Research highlighted that Nigerian banks were among the top targets globally, with over 1.3 million phishing attempts detected in the first half of the year alone. This alarming trend calls for increased public awareness and education campaigns to help customers recognize and avoid phishing scams.
Read also: Three mortgage banks’ first-half earnings rise 54% to N1.7bn
Data breaches at FinTech companies further compound these risks. A significant breach at a leading Nigerian FinTech firm in 2021 exposed the personal and financial information of over 10 million customers, highlighting the critical need for stringent data protection practices and regulatory oversight.
Conclusion
The April 2024 Global Financial Stability Report by the IMF highlighted the growing concern of cyber risk for macrofinancial stability, urging authorities to bolster resilience in the financial sector. The report recommends developing a national cybersecurity strategy that includes effective regulation, supervision, and regular assessments of potential systemic risks, particularly from third-party service providers. It also emphasises the need for financial institutions to improve their cyber hygiene, elevate cyber governance to the board level, and enhance data reporting and incident response mechanisms. Additionally, international cooperation is deemed essential to tackle cyber threats that often cross borders, and financial firms are encouraged to develop and test response and recovery procedures to ensure they can maintain critical services during disruptions.
As financial institutions increasingly move online, the risk of cybersecurity breaches becomes more pronounced, particularly given the sensitive nature of the data they handle. The report underscores that as fraudsters become more sophisticated, it is crucial for financial institutions to adopt innovative tools and technologies to counter modern cyber threats.
As Nigeria’s banking sector continues to embrace digitalisation to meet the recapitalisation targets, the risks associated with cybercrime are expected to grow.
With financial losses mounting and cybercriminal tactics becoming increasingly sophisticated, it is imperative for Nigerian banks to strengthen their cybersecurity frameworks.
This includes investing in advanced security technologies, conducting regular security audits, and fostering a culture of cybersecurity awareness among employees and customers alike. Only by taking these proactive measures can Nigeria’s financial institutions hope to build a resilient defence against the threat of cybercrime.
