By 
The oil and gas industry is a cornerstone of Nigeria’s economy, contributing about 5.5% to the country’s GDP and accounting for around 90% of its foreign exchange earnings. (statista.com).
RELATED: How technology is boosting oil and gas trading, by Flagship Energy
Beyond its substantial contribution to GDP and foreign exchange earnings, the sector is also pivotal in funding infrastructural development, social programs, and public services. However, the sector’s potential is being hampered by pervasive cyber attacks that face Nigeria as a whole.
Nigeria faces highest frequencies of cyber attacks in Africa
According to Check Point’s African Perspectives on Cyber Security Report 2024, Nigeria continues to face one of the highest frequencies of cyber attacks in Africa, with organisations being attacked on average 3,759 times per week. This alarming statistic highlights the urgent need for robust cyber security measures to protect critical sectors including oil and gas, finance, government, and healthcare.
“Nigeria has the largest natural gas reserves in Africa, with efforts by the current Government to position the country as a global hub for gas and encourage major international investment,” says Kingsley Oseghale, Country Manager West Africa, Check Point Software Technologies.
The pending completion of the Dangote Refinery in 2025, among other industry developments, is expected to boost Nigeria’s refining capacity by 650,000 barrels a day, potentially reducing reliance on fuel imports and bolstering local economic growth.
Cyber-attacks on the energy sector bring disruptions, financial losses
“Given the strategic economic significance of Nigeria’s oil and gas industry, it is vital that it prioritises its cyber security,” says Kingsley Oseghale, Country Manager West Africa, Check Point Software Technologies.
“Successful cyber-attacks on the energy sector as a whole, can lead to operational disruptions, financial losses, and the compromise of sensitive data,” Oseghale says.
Globally the oil and natural gas industry is under threat. Just last week, a US joint advisory released by the FBI, Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Department of Energy (DOE), warned industry players to beef up their operational technology (OT) and industrial control systems. (ICS)
This is following “unsophisticated” cyber actors targeting industrial systems within the oil and natural gas sectors, specifically in energy and transportation systems.
Poor cyber hygiene exposes assets on to continuous threats
“Despite the relatively basic and elementary intrusion techniques used by these actors, the presence of poor cyber hygiene and exposed assets on these systems can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage”, according to the federal government.
According to Check Point Research (CPR), cybercriminals employ various malware strains to compromise the oil and gas sector, employing tactics such as phishing emails and malicious software to infiltrate systems and extract sensitive information. Globally phishing attacks escalated in 2024 with email being the most common attack vector at a staggering 68%, according to Check Point’s The State of Global Cyber Security 2025.
“However, the most common vulnerability exploit type in Nigeria is Information Disclosure, impacting 80% of the organisations,” says Oseghale.
This is often achieved through phishing emails.
Phishing Campaigns and Malware Deployment
In a notable case from 2017, Check Point researchers uncovered a campaign where a Nigerian individual targeted over 4,000 organisations, including those in the oil and gas industry. The attacker sent fraudulent emails purporting to be from Saudi Aramco, a major oil producer, aiming to deceive financial staff into revealing company bank details or opening malware-infected attachments.
More recently, Check Point’s April 2025 Monthly Most Wanted Malware Report identified FakeUpdates as the most prevalent malware affecting various sectors in Nigeria, including oil and gas. FakeUpdates typically infiltrates systems through deceptive browser update prompts on compromised websites, subsequently enabling large-scale ransomware attacks.
“Cyber security in 2025 is not only about protecting networks; it’s about safeguarding trust in our systems and institutions,” Kingsley says.
Cyber security recommendations
According to Oseghale, the immediate measures organisations can take to security their IT infrastructure are as follows:
- Strengthen BYOD Security: Implement strict policies and deploy endpoint protection to mitigate risks from personal devices accessing corporate resources.
- Invest in Threat Intelligence: Leverage AI-driven tools to monitor and preempt disinformation campaigns and emerging threats.
- Enhance Patch Management: Address known vulnerabilities proactively to limit exposure to widespread exploits.
- Secure Edge Devices: Implement robust security measures for routers, VPNs, and IoT devices to prevent them from becoming operational relay boxes for attackers.
- Focus on Resilience: Prepare for persistent threats with comprehensive incident response plans and continuous monitoring.
“The increasing adoption of advanced AI-driven solutions, such as those offered by Check Point are playing a pivotal role in closing the industry cyber security gaps. However, with the rapid digitisation of Nigeria’s economy, we must remain vigilant and continue to push for greater investment in cybersecurity infrastructure to safeguard the country’s digital future,” Oseghale concludes.
Read the full report here: https://www.checkpoint.com/security-report/
