The Nigeria Data Protection Commission (NDPC), which is in charge of protecting data in Nigeria, has raised the alarm about what it calls coordinated cyber threats against the country’s financial systems and important digital infrastructure. It has told businesses to quickly strengthen their data security systems.
The commission, through its Head of Legal, Enforcement, and Regulations, Babatunde Bamigboye, called for organizations that handle personal data to take action right away in an advisory.
The commission said that its technical review found that shadowy threat actors were working together to attack important national systems.
The NDPC said that institutions that support banking services, payment platforms, telecommunications, cloud infrastructure, and digital services for the public sector are becoming more vulnerable, which increases the risk of data breaches and service interruptions.
The statement said, “The commission strongly advises that data controllers and processors (including MDAs) urgently step up their technical and organizational measures to ensure the privacy of all Nigerians and other data subjects in line with the Nigeria Data Protection Act, 2023 (NDP Act).”
The NDPC listed a number of things that businesses need to do to lower their risk of cyber attacks. These include hiring trained and certified Data Protection Officers, putting in place strong privacy policies, and doing Data Privacy Impact Assessments.
It also stressed the need for stronger technical safeguards like network segmentation, zero-trust security architecture, and multi-factor authentication.
The commission said, “Organizations should use strong identity and access controls, adopt zero-trust architecture, and make sure that patch management is done all the time to fix system weaknesses.”
The regulator also stressed the need to protect cloud infrastructure, application programming interfaces, databases, and access credentials in addition to internal systems.
The commission also told businesses to set up systems for real-time monitoring, logging, and threat detection, as well as encryption and secure credential management.
It also said, “Entities should do vulnerability assessments and penetration testing on important systems and keep doing backup, recovery, and resilience testing on a regular basis.”
The advisory comes at a time when regulators are paying more attention to companies because of an ongoing investigation into a possible data breach involving Remita Payment Services Ltd, Sterling Bank, and others.
The NDPC says that the investigation is mainly about finding out what kind of breach it was, how big it was, what kinds of personal data were involved, what risks it posed to the people whose data was stolen, and whether the steps taken to protect the data were enough.
The commission said again that it would make sure that businesses follow the Nigeria Data Protection Act 2023. It also said that not putting in place the right protections could put millions of Nigerians at risk of privacy violations and cyber threats.
