Nigeria’s financial sector is rapidly digitalising, embracing mobile banking, fintech, and digital currencies. While this interconnectedness is a strength, it also creates significant vulnerabilities. Artificial Intelligence (AI) has emerged as a double-edged sword, offering unprecedented defensive capabilities yet simultaneously empowering sophisticated new threats. As CISO, my focus is on safeguarding sensitive data and critical infrastructure in this escalating AI arms race.
The sharp edge of defense: How AI bolsters our security
The sheer volume of financial data overwhelms human capacity, making AI indispensable for security. Our institution leverages AI extensively. Advanced threat detection uses machine learning to analyse vast real-time datasets, identifying anomalous patterns in network traffic, user behavior, and transactions. This flags suspicious activities, significantly reducing fraud and detecting “zero-day” attacks.
In an attack, automated incident response systems powered by AI can automate initial responses—isolating affected systems or blocking malicious IPs—drastically reducing impact and freeing human analysts for strategic tasks. AI also excels in fraud detection and prevention, where its ability to analyse intricate transaction patterns and detect subtle deviations is invaluable in preventing fraud across all channels.
Beyond this, AI revolutionises enhanced customer authentication through biometrics (facial, fingerprint, and voice), offering superior security over vulnerable password-based methods. Our proactive stance is bolstered by proactive vulnerability management, using AI-powered autonomous penetration testing to identify weaknesses before attackers exploit them, enabling proactive patching. Lastly, AI tools automate compliance and risk management, assessing regulatory risks and monitoring cybersecurity law changes, ensuring adherence to crucial frameworks like the Nigeria Data Protection Act (NDPA) 2023.
The blunting threat: AI as an enabler for cybercriminals
While AI offers immense defensive potential, its accessibility means malicious actors increasingly wield it for sophisticated and impactful attacks. We’re witnessing a concerning rise in hyper-realistic deepfakes and voice clones, used to impersonate officials and defraud organisations through social engineering scams. AI also drives advanced phishing and social engineering attacks, crafting highly personalised emails that are harder to detect, increasing risks like credential harvesting. Threats escalate with automated malware generation and evasion, as AI generates novel, evasive malware variants at unprecedented rates, rendering traditional detection obsolete. This adaptive threat is further amplified by reinforcement learning for attack optimisation, where malicious AI learns from defensive responses, constantly refining its strategies. Finally, AI automates various scalable fraud operations, from creating fake accounts to manipulating cryptocurrency markets, dramatically increasing cybercrime efficiency.
Navigating the ethical and operational minefield
AI adoption in cybersecurity presents unique challenges in the Nigerian context that we must address head-on. A primary concern is data quality and bias, as AI model effectiveness depends entirely on the data it’s trained on; biased data can lead to skewed outcomes or missed threats, making representative Nigerian financial data crucial. Another significant hurdle is algorithmic transparency (explainable AI – XAI), as understanding why an AI system made a decision is vital for compliance and incident response, necessitating a focus on XAI. Furthermore, Nigeria faces a significant talent gap in AI and cybersecurity experts, which can hinder effective implementation and response.
While the NDPA 2023 is a commendable step, evolving regulatory frameworks are still developing comprehensive legal guidelines addressing AI’s use and misuse in cybersecurity, which are essential for responsible innovation and risk mitigation. Lastly, the cost of implementation for cutting-edge AI cybersecurity solutions is substantial, especially for institutions managing other technological upgrades and infrastructure limitations.
The path forward: A collaborative and proactive Approach
As information security leaders, we must navigate this AI-driven landscape with vigilance and strategic foresight. Our path forward involves strategic investment in AI-driven solutions, prioritising those offering advanced threat intelligence, anomaly detection, and automated response, while continuously evaluating their efficacy. Crucially, we must focus on building human capacity, investing heavily in training cybersecurity teams to understand, manage, and leverage AI tools, and fostering data science and machine learning expertise within our ranks.
Cross-sector collaboration is paramount; actively engaging with industry peers, regulators (Central Bank of Nigeria and the Nigeria Data Protection Commission), law enforcement (the Economic and Financial Crimes Commission and the Nigeria Police Force), and local tech innovators to share threat intelligence and best practices will strengthen our collective defense. We are committed to promoting AI governance and ethics, developing internal policies ensuring ethical and responsible AI deployment, focusing on data privacy, algorithmic fairness, transparency, and accountability. Recognising the human element remains a critical vulnerability; employee cybersecurity awareness is key, requiring continuous education for all staff on identifying AI-powered social engineering attempts. Finally, we must foster localised threat intelligence, training AI models on Nigerian-specific fraud patterns and cybercrime tactics, tailoring defenses to our unique landscape.
The integration of AI into cybersecurity is a strategic imperative for Nigeria’s financial sector. By fostering innovation, building capacity, and upholding robust ethical frameworks, we can ensure AI serves as a formidable shield, protecting Nigeria’s digital future from cybercrime.
Ayowole Popoola is the Chief Information Security Officer at FCMB. He is a results-oriented IT & InfoSec leader with 20+ years protecting business-critical networks and data within the highly regulated financial services industry.
Mark your calendars! Moonshot by is back in Lagos on October 15–16! Join Africa’s top founders, creatives & tech leaders for 2 days of keynotes, mixers & future-forward ideas. Early bird tickets now 20% off—don’t snooze! moonshot..com
