When María* received the email from her boss, nothing about it felt unusual.
She was working remotely that day from her apartment in São Paulo when the message arrived. Her manager said he couldn’t access his work email while travelling and needed some internal documents resent urgently from her personal address instead. There was also a request for login credentials to a shared platform the company used for vendor management. Since that week had been hectic and the company had been onboarding new vendors, the timing made sense.
Even the language and email signature looked legitimate. So María sent the files.
Nothing happened immediately.
But days later, the financial services company she worked for began detecting unusual activity across parts of its internal systems. Employee credentials had been compromised. Suspicious login attempts were appearing across multiple accounts. By the time the company's IT team traced the breach back to the original email, attackers had already spent days quietly moving through sections of the company’s network.
Situations like this are becoming more common in most African and Latin American countries, where millions of people are integrating into the digital ecosystem at breakneck speed.
Every day, organisations across both regions face waves of credential attacks, ransomware attempts, phishing campaigns, API abuse, and automated scans probing for weak points. Some are opportunistic. Others are highly targeted. But many go undetected for weeks or months.
The numbers don’t tell the full story
When reports emerged earlier this year claiming Nigerian organisations were experiencing over 4700 cyberattack attempts every week, the numbers sounded alarming. But to Samuel Afolabi, a principal cybersecurity consultant advising organisations across financial services, fintech, healthcare, government, and technology sectors across Africa and North America, the figures were less shocking than what they represented.
