Africa's mobile-first status could increase the continent's vulnerability against the growing threat of mobile malware.

This is according to pure-play network cyber security vendor CheckPoint, based on a quarterly analysis of the global Threat Index, which showed that at the end of Q1 2016 Nigeria is positioned as the 16th highest ranked country, two places from its18th spot in the preceding quarter.

As CheckPoint explains, its Threat Index provides a data-based breakdown of new and prevalent threats, as well as the relative rankings of countries' risk profiles globally.

The key point the vendor makes is that the higher the ranking, the greater the threat of cyber-attack.

"Developing and African nations are highly represented in the upper rankings of the index, and Nigeria was surpassed by a handful of other African countries, including Namibia and Malawi in second and fourth spots respectively. In stark contrast, Kenya improved their ranking by 24 places, moving from 45th position at the end of 2015, to 69th at the end of the quarter," the company states.

Rick Rogers, Area Manager for East and West Africa at Check Point Software Technologies, says Nigeria's worsening ranking may be due to a dramatic increase in threats targeting mobile devices specifically, while Kenya's improvement could reflect a growing maturity in security awareness.

"It's not immediately clear why the East and West African hubs are experiencing such different moves in terms of cyber-attacks, and we are generally seeing a lot of volatility month to month for many of the countries on the index. But this quarter, mobile malware ranked as one of the ten most prevalent attack types affecting corporate networks and devices for the first time ever."

"With Africa being the 'mobile-first' and often 'mobile-only' continent, this new wave of threats is likely to have a strong impact on the number of attacks evidenced in the region," he continued.

"Individuals who run their businesses off mobile devices, as well as organisations who have a bring-your-own-device policy, will need to prepare for this in their security strategy. It is necessary to apply the same level of security to mobile as required by traditional networks and PCs, and security professionals must have a coherent, over-arching threat management approach that addresses this."

In its threat review CheckPoint says in February this year the HummingBad agent became the 7th most common malware detected targeting corporate networks and devices, and moved up to 6th spot in March.

"Hummingbad targets Android devices specifically, facilitating malicious activity such as installing a key-loggers, stealing credentials and bypassing encrypted email containers used by companies, allowing for interception of corporate data. It was the third highest threat in Kenya in Q1 and seventh in Nigeria," said the security vendor.

Mobile threat

Doros Hadjizenonos, Country Manager of Check Point South Africa, says mobile ransomware has emerged as the biggest mobile security threat.

"Imitation is a quick way to learn, which is why mobile malware is evolving so rapidly – it frequently imitates attack behaviours and trends that were first trialled and proven to work in the PC world. Mobile ransomware is following this path, with the aim of replicating the success that PC-based ransomware has had in extorting money from individuals and organisations. So it's no surprise that the number of mobile ransomware variants detected in Q1 2016 grew 45% compared with Q4 2015."

Hadjizenonos says it is important to perform regular backups of data stored on mobile devices.

"You should certainly avoid paying any ransom, and take your device to a mobile security specialist rather than attempting to decrypt it yourself. But ultimately, when it comes to mobile ransomware, prevention is by far the best protection," he says.