Digital Encode Limited, a leading information security and governance, risk, and compliance (GRC) advisory firm, has issued an urgent cybersecurity advisory following a surge in security breaches affecting financial institutions, government agencies, fintechs, and other organisations across Nigeria.
Cyber threat actors have recently exposed data purportedly from both private and public institutions in Nigeria, underscoring the growing need for stronger cybersecurity frameworks, proactive threat monitoring, and coordinated incident response measures.
But Digital Encode’s advisory highlights a troubling pattern: most recent cyber incidents are not driven by sophisticated zero-day exploits, but by preventable weaknesses in basic security configurations, credential management, and operational controls.
According to the advisory signed by the Chief Visionary Officer of Digital Encode Limited, Professor Obadare Adewale Peter, attackers are increasingly exploiting misconfigured systems and publicly exposed assets, such as unsecured databases, open cloud storage buckets, leaked API keys, and critical servers exposed to the internet, many of which are easily discoverable through open repositories, cloud indexing tools, and even dark web marketplaces.
The advisory outlines critical areas of concern, including publicly accessible cloud storage exposing sensitive customer and operational data; hardcoded secrets in web and mobile applications, including API keys and tokens; leaked credentials in repositories and deployment artifacts; weak internal access controls and over-reliance on single authentication layers; exposure of administrative endpoints, API documentation, and development environments in production.