Organisations in Nigeria are being urged to reassess their cybersecurity strategies as experts warn that internal threats are being overlooked. Security operations analyst Ruth Itua stated that insider risks—posed by employees, contractors, or trusted partners—remain one of the most underestimated challenges in modern cybersecurity. While public discourse often focuses on external threats like foreign hackers and malware, Itua noted that individuals with legitimate access to systems can cause significant breaches, either deliberately or through negligence. These insider threats fall into three categories: malicious insiders, negligent users, and compromised accounts where attackers hijack valid credentials.
Common workplace actions such as clicking phishing links or reusing passwords are frequent entry points for cyberattacks. Experts argue these are not isolated errors but predictable outcomes of current work environments and system designs. Traditional tools like firewalls and email filters are built to block external intrusions but struggle to detect suspicious activity from within. Cybercriminals increasingly use social engineering to gain access, blending in with normal user behaviour and staying undetected for long periods.
To reduce risk, specialists recommend applying the principle of least privilege and deploying behavioural monitoring systems. However, they stress that technical fixes alone cannot solve the issue.
Ruth Itua's warning exposes a quiet flaw in how Nigerian firms treat cybersecurity—trusting insiders by default while fortifying against phantom external armies. The real danger isn't just rogue employees, but systems designed to ignore internal red flags. If companies keep treating access as a one-time approval, breaches will keep slipping through as routine work. This isn't a tech failure; it's a design choice that favours convenience over control.