Moyosore Kukoyi is a cybersecurity expert, educator, and entrepreneur with a mission to make cybersecurity accessible, actionable, and impactful. As the founder and CEO of Forward Edge Consulting Ltd, Moyosore has led initiatives that blend cutting-edge technology solutions with practical business applications, in this interview with KENNETH ATHEKAME he spoke about the cybersecurity challenges in Nigeria’s evolving economy. Excerpts:
What is the current state of cybersecurity in Nigeria?
Nigeria’s cybersecurity landscape is a mix of progress and challenges. While we’ve seen strides in awareness and the establishment of frameworks like the Cybercrimes Act, there’s still a significant gap in enforcement and infrastructure. Many organisations are yet to prioritize cybersecurity as a core aspect of their operations, leaving them vulnerable to growing cyber threats.
How has Nigeria’s growing digital economy influenced the need for stronger cybersecurity measures?
The expansion of Nigeria’s digital economy, from e-commerce to fintech, has increased the volume of sensitive data being processed daily. It’s only logical to expect and realize that this growth is attracting cybercriminals, making robust cybersecurity measures critical for protecting digital assets, building consumer trust, and ensuring economic resilience in a digital-first world.
What are the most common cyber threats affecting Nigerian businesses and government institutions?
Phishing, ransomware, business email compromise (BEC), and insider threats are the most common cyber threats affecting Nigerian Businesses and Government Institutions. Insider Threat being the most dangerous and most challenging to tackle. Attackers exploit weak security practices and human error to gain access to sensitive data, often targeting financial and government institutions due to the valuable information they hold.
How do cyberattacks affect Nigeria’s economic stability and growth?
Cyberattacks erode trust in digital systems, which can deter investments and slow digital adoption. The financial losses from cybercrime also drain resources that could be reinvested in innovation and growth, compounding the challenges for an already developing economy.
What sectors of the Nigerian economy are most vulnerable to cyber threats, and why?
The financial, telecom, and public sectors are prime targets due to the sensitive data they handle. SMEs are also vulnerable because many lack the resources to implement strong cybersecurity measures, making them easy targets for attackers.
Can you quantify the financial losses caused by cybercrime in Nigeria annually?
Recent reports estimate that Nigeria loses approximately $500 million annually to cybercrime. However, the actual figure could be higher due to underreporting, especially among SMEs and individuals.
How do ransomware and phishing scams impact small and medium enterprises (SMEs) in Nigeria?
As we’re well aware, ransomware attacks can have devastating consequences. When SMEs fall victim, the ransom fees demanded by attackers can be crippling, leading to significant financial losses. Moreover, phishing scams can compromise sensitive information and funds, causing reputational damage and, in some cases, even business closures.
What is your assessment of Nigeria’s cybersecurity laws and policies, such as the Cybercrimes Act?
The Nigerian Cybersecurity Policy and Strategy and the Cybercrimes Act are a significant step forward, providing a legal framework to combat cybercrime. However, the issue still remains. There is enough room for growth in that aspect but then we can see gradual improvement.
What is the current state of cybersecurity in Nigeria?
Nigeria’s cybersecurity landscape is a mix of progress and challenges. While we’ve seen strides in awareness and the establishment of frameworks like the Cybercrimes Act, there’s still a significant gap in enforcement and infrastructure. Many organizations are yet to prioritize cybersecurity as a core aspect of their operations, leaving them vulnerable to growing cyber threats.
How has Nigeria’s growing digital economy influenced the need for stronger cybersecurity measures?
The expansion of Nigeria’s digital economy, from e-commerce to fintech, has increased the volume of sensitive data being processed daily. It’s only logical to expect and realize that this growth is attracting cybercriminals, making robust cybersecurity measures critical for protecting digital assets, building consumer trust, and ensuring economic resilience in a digital-first world.
What are the most common cyber threats affecting Nigerian businesses and government institutions?
Phishing, ransomware, business email compromise (BEC), and insider threats are the most common cyber threats affecting Nigerian Businesses and Government Institutions. Insider Threat being the most dangerous and most challenging to tackle. Attackers exploit weak security practices and human error to gain access to sensitive data, often targeting financial and government institutions due to the valuable information they hold.
How do cyberattacks affect Nigeria’s economic stability and growth?
Cyberattacks erode trust in digital systems, which can deter investments and slow digital adoption. The financial losses from cybercrime also drain resources that could be reinvested in innovation and growth, compounding the challenges for an already developing economy.
What sectors of the Nigerian economy are most vulnerable to cyber threats, and why?
The financial, telecom, and public sectors are prime targets due to the sensitive data they handle. SMEs are also vulnerable because many lack the resources to implement strong cybersecurity measures, making them easy targets for attackers.
Can you quantify the financial losses caused by cybercrime in Nigeria annually?
Recent reports estimate that Nigeria loses approximately $500 million annually to cybercrime. However, the actual figure could be higher due to underreporting, especially among SMEs and individuals.
How do ransomware and phishing scams impact small and medium enterprises (SMEs) in Nigeria?
As we’re well aware, ransomware attacks can have devastating consequences. When SMEs fall victim, the ransom fees demanded by attackers can be crippling, leading to significant financial losses. Moreover, phishing scams can compromise sensitive information and funds, causing reputational damage and, in some cases, even business closures.
What is your assessment of Nigeria’s cybersecurity laws and policies, such as the Cybercrimes Act?
The Nigerian Cybersecurity Policy and Strategy and the Cybercrimes Act are a significant step forward, providing a legal framework to combat cybercrime. However, the issue still remains. There is enough room for growth in that aspect but then we can see gradual improvement.
Are there gaps in Nigeria’s regulatory framework that leave businesses vulnerable to cyber threats?
Yes, gaps include insufficient enforcement mechanisms, lack of sector-specific cybersecurity guidelines, and inadequate coordination among regulatory bodies. Addressing these gaps requires a more proactive and collaborative approach between stakeholders.
How can the Nigerian government and private sector collaborate to improve cybersecurity infrastructure?
Collaboration is key. The government can provide a regulatory framework and funding, while the private sector can offer expertise and innovative solutions. Public-private partnerships focused on information sharing, skill development, and joint cybersecurity initiatives can significantly enhance infrastructure.
How does the lack of adequate technological infrastructure impact Nigeria’s ability to combat cybercrime?
Inadequate infrastructure limits detection, response, and recovery capabilities. Without modern tools like AI-driven threat detection systems and scalable cloud solutions, Nigeria remains reactive rather than proactive in combating cyber threats.
What role does cloud computing and AI play in improving cybersecurity in Nigeria?
Cloud computing does not inherently improve cybersecurity but serves as a foundational enabler by offering scalable and cost-effective solutions for data storage and security. The real impact lies in cloud security, which plays a critical role in safeguarding sensitive information stored on cloud platforms. With more Nigerian organizations adopting cloud services, robust cloud security measures are essential to prevent breaches that could compromise vast amounts of data.
AI, on the other hand, is transforming cybersecurity processes globally, including in Nigeria. Many modern security tools are AI-powered, leveraging advanced machine learning models to identify and respond to threats. A notable advantage is the decline in reliance on traditional signature-based threat detection, as AI-powered tools use deep learning capabilities to detect previously unknown threats, including zero-day vulnerabilities.
Moreover, AI significantly reduces the need for human intervention in enterprise environments by automating complex processes such as threat hunting, incident response, and anomaly detection. This not only enhances efficiency but also makes cybersecurity more affordable, especially for resource-constrained organizations. By reducing the dependency on large teams of experts, AI allows businesses to scale their security measures effectively.
To stay ahead in the ever-evolving global threat landscape, I strongly encourage Nigerian organizations to upgrade their infrastructure with AI-powered tools. This investment will not only enhance their defensive capabilities but also position them to adapt more rapidly to emerging threats in a cost-effective manner.
How can Nigeria address the challenge of inadequate cybersecurity talent and skills?
I often argue that Nigeria doesn’t lack cybersecurity talent. From my experience in this space and professional relationships with many local experts, I can confidently say that the talent pool exists. However, the real gap lies in leadership—cybersecurity leaders who understand the value of security, can identify and nurture talent, and drive strategic cybersecurity initiatives within organizations.
The perception of a talent shortage is partly driven by a lack of investment in local professionals. Too often, we undervalue homegrown talent, leading many skilled individuals to seek opportunities abroad where their expertise is recognized and rewarded. This contributes to a brain drain, where Nigerians excel internationally while we tell ourselves there’s a shortage at home.
Another issue is the misconception in many established organizations that IT teams can fully handle cybersecurity responsibilities. While IT professionals are critical to infrastructure management, cybersecurity requires a distinct skill set. For instance, a DevSecOps engineer, trained in both development and security, is better suited for securing applications and processes than a traditional DevOps engineer with limited security expertise.
To bridge this gap, we must:
Create more cybersecurity job opportunities across sectors.
Support and prioritize local cybersecurity businesses.
Invest in robust cybersecurity training programs.
Encourage Nigerian universities to integrate cybersecurity into their curriculums, ensuring we produce well-rounded graduates with technical and strategic skills.
By focusing on these areas, we can nurture a thriving ecosystem where local talent is retained, empowered, and recognized as a critical asset in safeguarding Nigeria’s digital future.
How well-informed are Nigerian citizens and businesses about cyber threats and best practices?
Awareness of cybersecurity in Nigeria is growing, but it remains insufficient. Many citizens and businesses still fall victim to basic scams due to a lack of understanding of cyber hygiene practices. Bridging this gap requires continuous education, outreach, and support from both the private and public sectors.
Good enough, my company, Forward Edge Consulting Ltd., has been actively addressing this challenge. We train individuals looking to start a career in cybersecurity, and we organize international and local programs supported by public and private sector organizations in Nigeria. As part of our efforts, we’ve provided 100% scholarships to participants globally through our Cybersecurity Bootcamp, enabling deserving individuals to access high-quality training.
Currently, we are preparing to launch a 5-day Cyber and Physical Security Training Program for Businesses in Nigeria, starting on the 18th of January 2025. This program is designed to train key stakeholders—including founders, C-level executives, IT teams, and administrative staff—who have the responsibility to protect their organizations. I often liken Businesses to a baby that requires the entire family’s collective effort to safeguard. Similarly, protecting businesses demands contributions from all involved.
While we are doing our part to drive a cybersecurity culture, the government and enterprises in Nigeria need to do more. Support from these entities when we initiate programs aimed at building a cyber-resilient Nigeria would significantly enhance our collective impact. By working together—whether through funding, collaboration, or direct action—we can create a safer and more secure digital landscape for everyone.
What initiatives could be taken to raise awareness about cybersecurity in Nigeria?
Public campaigns, workshops, and online content tailored to different audiences are effective strategies for raising cybersecurity awareness. These approaches help ensure that key messages reach people in ways they can easily understand and apply.
On a personal level, I created the persona “CyberMo” to simplify cybersecurity concepts and make them relatable. Through CyberMo, I consistently produce fun and engaging content that highlights best practices and educates individuals and organizations on protecting themselves against cyberattacks. This approach has been highly effective in breaking down complex cybersecurity concepts into easily digestible insights, significantly increasing engagement and understanding among a wide audience.
Government agencies like the National Orientation Agency (NOA) could explore similar initiatives if it aligns with their mandate. Other bodies or individuals tasked with promoting cybersecurity awareness can also draw inspiration from this approach, leveraging creative and relatable methods to drive awareness at scale. By adopting these strategies, we can collectively foster a more cyber-aware society in Nigeria.
How important is cybersecurity training for Nigeria’s workforce, and what sectors should prioritize it?
Cybersecurity training is crucial for every sector, but financial services, government, and critical infrastructure providers should prioritize it due to the high risks they face. A trained workforce is the first line of defense against cyber threats.
How does Nigeria’s cybersecurity posture affect its international trade and foreign investment prospects?
A strong cybersecurity posture builds trust, encouraging international businesses to invest and trade with Nigeria. Conversely, high-profile breaches can deter investors, emphasizing the need for robust cybersecurity as a core component of economic strategy.
Yes, gaps include insufficient enforcement mechanisms, lack of sector-specific cybersecurity guidelines, and inadequate coordination among regulatory bodies. Addressing these gaps requires a more proactive and collaborative approach between stakeholders.
How can the Nigerian government and private sector collaborate to improve cybersecurity infrastructure?
Collaboration is key. The government can provide a regulatory framework and funding, while the private sector can offer expertise and innovative solutions. Public-private partnerships focused on information sharing, skill development, and joint cybersecurity initiatives can significantly enhance infrastructure.
How does the lack of adequate technological infrastructure impact Nigeria’s ability to combat cybercrime?
Inadequate infrastructure limits detection, response, and recovery capabilities. Without modern tools like AI-driven threat detection systems and scalable cloud solutions, Nigeria remains reactive rather than proactive in combating cyber threats.
What role does cloud computing and AI play in improving cybersecurity in Nigeria?
Cloud computing does not inherently improve cybersecurity but serves as a foundational enabler by offering scalable and cost-effective solutions for data storage and security. The real impact lies in cloud security, which plays a critical role in safeguarding sensitive information stored on cloud platforms. With more Nigerian organizations adopting cloud services, robust cloud security measures are essential to prevent breaches that could compromise vast amounts of data.
AI, on the other hand, is transforming cybersecurity processes globally, including in Nigeria. Many modern security tools are AI-powered, leveraging advanced machine learning models to identify and respond to threats. A notable advantage is the decline in reliance on traditional signature-based threat detection, as AI-powered tools use deep learning capabilities to detect previously unknown threats, including zero-day vulnerabilities.
Moreover, AI significantly reduces the need for human intervention in enterprise environments by automating complex processes such as threat hunting, incident response, and anomaly detection. This not only enhances efficiency but also makes cybersecurity more affordable, especially for resource-constrained organizations. By reducing the dependency on large teams of experts, AI allows businesses to scale their security measures effectively.
To stay ahead in the ever-evolving global threat landscape, I strongly encourage Nigerian organizations to upgrade their infrastructure with AI-powered tools. This investment will not only enhance their defensive capabilities but also position them to adapt more rapidly to emerging threats in a cost-effective manner.
How can Nigeria address the challenge of inadequate cybersecurity talent and skills?
I often argue that Nigeria doesn’t lack cybersecurity talent. From my experience in this space and professional relationships with many local experts, I can confidently say that the talent pool exists. However, the real gap lies in leadership—cybersecurity leaders who understand the value of security, can identify and nurture talent, and drive strategic cybersecurity initiatives within organisations.
The perception of a talent shortage is partly driven by a lack of investment in local professionals. Too often, we undervalue homegrown talent, leading many skilled individuals to seek opportunities abroad where their expertise is recognized and rewarded. This contributes to a brain drain, where Nigerians excel internationally while we tell ourselves there’s a shortage at home.
Another issue is the misconception in many established organizations that IT teams can fully handle cybersecurity responsibilities. While IT professionals are critical to infrastructure management, cybersecurity requires a distinct skill set. For instance, a DevSecOps engineer, trained in both development and security, is better suited for securing applications and processes than a traditional DevOps engineer with limited security expertise.
To bridge this gap, we must:
Create more cybersecurity job opportunities across sectors.
Support and prioritize local cybersecurity businesses.
Invest in robust cybersecurity training programs.
Encourage Nigerian universities to integrate cybersecurity into their curriculums, ensuring we produce well-rounded graduates with technical and strategic skills.
By focusing on these areas, we can nurture a thriving ecosystem where local talent is retained, empowered, and recognized as a critical asset in safeguarding Nigeria’s digital future.
How well-informed are Nigerian citizens and businesses about cyber threats and best practices?
Awareness of cybersecurity in Nigeria is growing, but it remains insufficient. Many citizens and businesses still fall victim to basic scams due to a lack of understanding of cyber hygiene practices. Bridging this gap requires continuous education, outreach, and support from both the private and public sectors.
Good enough, my company, Forward Edge Consulting Ltd., has been actively addressing this challenge. We train individuals looking to start a career in cybersecurity, and we organize international and local programs supported by public and private sector organizations in Nigeria. As part of our efforts, we’ve provided 100% scholarships to participants globally through our Cybersecurity Bootcamp, enabling deserving individuals to access high-quality training.
Currently, we are preparing to launch a 5-day Cyber and Physical Security Training Program for Businesses in Nigeria, starting on the 18th of January 2025. This program is designed to train key stakeholders—including founders, C-level executives, IT teams, and administrative staff—who have the responsibility to protect their organizations. I often liken Businesses to a baby that requires the entire family’s collective effort to safeguard. Similarly, protecting businesses demands contributions from all involved.
While we are doing our part to drive a cybersecurity culture, the government and enterprises in Nigeria need to do more. Support from these entities when we initiate programs aimed at building a cyber-resilient Nigeria would significantly enhance our collective impact. By working together—whether through funding, collaboration, or direct action—we can create a safer and more secure digital landscape for everyone.
What initiatives could be taken to raise awareness about cybersecurity in Nigeria?
Public campaigns, workshops, and online content tailored to different audiences are effective strategies for raising cybersecurity awareness. These approaches help ensure that key messages reach people in ways they can easily understand and apply.
On a personal level, I created the persona “CyberMo” to simplify cybersecurity concepts and make them relatable. Through CyberMo, I consistently produce fun and engaging content that highlights best practices and educates individuals and organizations on protecting themselves against cyberattacks. This approach has been highly effective in breaking down complex cybersecurity concepts into easily digestible insights, significantly increasing engagement and understanding among a wide audience.
Government agencies like the National Orientation Agency (NOA) could explore similar initiatives if it aligns with their mandate. Other bodies or individuals tasked with promoting cybersecurity awareness can also draw inspiration from this approach, leveraging creative and relatable methods to drive awareness at scale. By adopting these strategies, we can collectively foster a more cyber-aware society in Nigeria.
How important is cybersecurity training for Nigeria’s workforce, and what sectors should prioritize it?
Cybersecurity training is crucial for every sector, but financial services, government, and critical infrastructure providers should prioritize it due to the high risks they face. A trained workforce is the first line of defense against cyber threats.
How does Nigeria’s cybersecurity posture affect its international trade and foreign investment prospects?
A strong cybersecurity posture builds trust, encouraging international businesses to invest and trade with Nigeria. Conversely, high-profile breaches can deter investors, emphasizing the need for robust cybersecurity as a core component of economic strategy.
Join BusinessDay whatsapp Channel, to stay up to date
Open In Whatsapp
