The official website of Nigeria’s National Bureau of Statistics (NBS), www.nigerianstat.gov.ng, has remained inaccessible for three weeks following a reported cyberattack. The prolonged downtime of such a critical government platform highlights growing concerns about cybersecurity vulnerabilities within public institutions. This incident, which coincides with the bureau’s publication of a high-profile crime report, raises questions about the motives behind the attack and the broader implications for national data security.

On December 18, 2024, the National Bureau of Statistics confirmed via its official X (formerly Twitter) account that its website had been compromised. The NBS urged the public to disregard any information published on the platform until the breach was resolved. This announcement came just a day after the bureau released its annual Crime Experience and Security Perception Survey. The report revealed alarming statistics about Nigeria’s crime landscape, including:

• Nigerians paid an estimated N2.23 trillion as ransom between May 2023 and April 2024.
• Approximately 51.89 million crime incidents were recorded across Nigerian households during this period.
• The North-West region reported the highest crime incidents (over 14 million), while the South-East recorded the lowest (over six million).
• Rural areas experienced slightly higher crime incidents (26.5 million) than urban areas (25.4 million).

The timing of the attack, coupled with the sensitive nature of the report, has led to speculation about whether the breach was a retaliatory act by cybercriminals or other vested interests.

Impact of the Attack

Three weeks after the initial breach, the NBS website remains offline, significantly disrupting public access to critical data. This incident has had several immediate and far-reaching consequences:

1. Loss of Public Trust: The prolonged downtime has undermined confidence in the NBS’s ability to safeguard its digital assets.
2. Data Accessibility Issues: Researchers, policymakers, and businesses relying on statistical data from the NBS have been left in the dark.
3. Operational Delays: The bureau’s internal operations may have been disrupted, including the compilation and dissemination of new statistical reports.
4. Reputational Damage: As a key institution responsible for national statistics, the breach exposes the NBS to reputational harm on both domestic and international levels.

Despite repeated inquiries, the NBS has not provided any updates regarding the restoration of its website or the steps being taken to mitigate the attack. Efforts to contact Ichedi Sunday, the head of communications at the NBS, have been unsuccessful.

Broader Context

This incident adds to a growing list of cyberattacks targeting government agencies worldwide. The motive behind such breaches often ranges from political dissent and espionage to financial gain. In this case, the attack’s timing—coinciding with the release of a crime survey—raises questions about whether it was an attempt to discredit the bureau’s findings or disrupt public discourse.

Interestingly, the day after the NBS confirmed the breach, reports emerged claiming that Adeniran Adeyemi, Statistician-General of the Federation, had been summoned by the Department of State Services (DSS) for questioning over the crime report. Although the NBS denied these reports, the coincidence has fueled further speculation about the circumstances surrounding the attack.

How Government Agencies Can Prevent Such Attacks

To avoid similar incidents in the future, government institutions like the NBS must prioritize robust cybersecurity measures. Here are ten actionable recommendations:

1. Regular Security Audits: Conduct periodic vulnerability assessments and penetration testing to identify and address potential weaknesses in the system.
2. Advanced Threat Detection: Deploy advanced threat detection tools, such as intrusion detection systems (IDS) and security information and event management (SIEM) solutions, to monitor and respond to suspicious activities in real time.
3. Multi-Factor Authentication (MFA): Implement MFA for all user accounts, especially those with administrative access, to add an extra layer of security.
4. Employee Training: Provide regular cybersecurity awareness training to employees to recognize phishing attempts, social engineering, and other common attack vectors.
5. Data Backup and Recovery Plans: Maintain secure and redundant backups of all critical data. Test recovery procedures periodically to ensure minimal downtime during a breach.
6. Segmentation of Networks: Use network segmentation to isolate sensitive data and minimize the spread of malware in case of a breach.
7. Secure Software Development Practices: Ensure that all web applications and software undergo rigorous security testing before deployment.
8. Third-Party Risk Management: Evaluate the security practices of vendors and third-party service providers who have access to institutional networks or data.
9. Incident Response Plan: Develop and regularly update an incident response plan to ensure a swift and coordinated reaction to security breaches.
10. Collaboration with Cybersecurity Experts: Partner with external cybersecurity experts to stay updated on emerging threats and best practices.

Conclusion

The ongoing unavailability of the NBS website serves as a stark reminder of the vulnerabilities that exist within critical digital infrastructure. As cyberattacks become increasingly sophisticated, government institutions must invest in advanced security measures and proactive strategies to protect their data and maintain public trust.

The NBS hack is not just a technical failure but a wake-up call for all organizations, emphasizing the importance of cybersecurity resilience in an interconnected world.

Want to stay on top of cybersecurity news? Follow us on Facebook, X (Twitter), Instagram, LinkedIn and YouTube for the latest threats, insights, and updates!