The Billion-Naira Breaches Fueled by Insiders

There’s an African proverb that says: “Therat that enters the pot does so with help from the lid.”

And according to EFCC Chairman Ola Olukoyede, that’s exactly what’s happening in Nigeria’s banking halls, where insiders are handing keys to foreign hackers, and billions are vanishing before security teams even blink.

The EFCC boss blew the whistle on what he called a “coordinated wave of cyber intrusions” into six Nigerian commercial banks.

These weren’t your typical email scams or amateur breaches. No—these were precision strikes, executed in tandem with rogue employees and hackers dialing in from the U.S. and Eastern Europe.

Inside Job, Global Network

The attackers weren’t digging through firewalls; they were handed a back door. Compromised bank staff facilitated unauthorized access, allowing syndicates to bypass controls and transfer billions in mere seconds.

Olukoyede confirmed that in three separate cases, the EFCC was able to recover:

• ₦9.7 billion
• ₦6.7 billion
• ₦3.7 billion

That’s nearly ₦20 billion clawed back,but how much more was lost before detection?

“These are highly coordinated attacks,and insiders play a critical role,” he warned. “But the institutions themselves are not to blame—it’s the actions of rogue staff.”

Strategic Recommendations

Tighten Internal Controls

Implement Zero Trust architectures, trust no internal process by default. Internal access should be segmented, logged,and conditional.

Conduct Employee Audits

Screen high-privilege users regularly.Background checks aren't just for hiring,they should be cyclical.

Launch Insider Threat Programs

Use UEBA (User & Entity BehaviorAnalytics) to monitor strange movements from within. Lateral transfers,off-hours logins, and sensitive access from a typical devices must trigger alerts.

Encrypt and Monitor High-Value Transactions

Real-time monitoring and encryption of key data channels (like SWIFT, CRM, Treasury tools) can prevent silent exfiltration.

Foster a Culture of Security

A well-trained, security-aware workforce is your best defense. Cybersecurity is everyone’s job, especially those closest to your core systems.