Algeria’s New MPT-CERT: What Bank and Enterprise Security Teams Should Do Next

A National Coordination Point Just Opened — Here Is What It Is

On June 15, 2026, the Ministry of Post and Telecommunications inaugurated the Centre sectoriel de veille, de détection et de réponse aux incidents cybernétiques (MPT-CERT) in Algiers. Minister Sid Ali Zerrouki presided over the launch, which Algérie Éco reported as the sector’s “operational pillar responsible for continuous surveillance, threat analysis, and coordination of incident response.” South Korea’s KOICA contributed technical support to strengthen national detection and response capabilities, with Ambassador Min Kyung-tae committing to expanded training and expertise exchange.

For bank, finance and enterprise security teams, the practical meaning is straightforward: there is now a sector-level body designed to monitor threats continuously and coordinate the response when an incident hits. A CERT (Computer Emergency Response Team) works best when the organizations it serves are already plugged in — registered, sharing indicators, and rehearsed on how to escalate. The center’s value to your team scales with how prepared your team is to use it.

This launch does not stand alone. It builds on Presidential Decree No. 26-07 of January 7, 2026 (published in the Official Gazette on January 21, 2026), which requires every public-sector entity to establish a dedicated cybersecurity unit separate from IT management, reporting directly to the institution’s head. Together, the decree and the MPT-CERT create a clearer governance line: each organization owns its security function, and a sectoral center coordinates above it.

The Threat Picture Behind the Timing

The numbers explain the urgency. According to Kaspersky data cited by Ecofin Agency, Algeria faced more than 70 million attempted cyberattacks in 2024, with over 13 million phishing attempts blocked and nearly 750,000 malicious email attachments neutralized. Algeria ranked 17th globally among the most-targeted nations.

The regional picture reinforces it. INTERPOL’s 2025 Africa cyberthreat assessment, summarized by Infosecurity Magazine, found cybercrime now accounts for more than 30% of reported crime in Western and Eastern Africa. Phishing notifications surged by up to 3,000% in some African countries, Business Email Compromise (BEC) activity spans 11 nations, and a single coordinated takedown — Operation Serengeti — disrupted networks tied to roughly $193 million in losses affecting 35,000 victims. As Afripol’s acting executive director Jalel Chelba put it, “Cybersecurity is not merely a technical issue; it has become a fundamental pillar of stability.”

Phishing, BEC and ransomware are the three vectors that hit banks and finance teams hardest, because they convert a single tricked employee into a wire transfer, a credential, or an encrypted file server. The MPT-CERT gives teams a coordination point precisely for the moment those attacks land. The work to benefit from it, though, starts before the incident.

What Bank and Enterprise Security Teams Should Do

1. Register with MPT-CERT and establish your escalation path now

A CERT only helps in real time if your organization is already a known contact. Identify the registration and intake channel for the MPT-CERT, nominate a named security point-of-contact and a backup, and document who in your organization is authorized to declare an incident and engage the center. For banks, align this with your existing reporting lines so a CERT notification does not stall waiting for an internal sign-off. Test the contact path with a low-stakes query — a working channel verified on a calm Tuesday is worth far more than a phone number you first dial during a breach. Do this in the coming weeks, not after the next incident.

2. Run a phishing simulation and harden against BEC before the next campaign

With 13 million phishing attempts blocked in Algeria in 2024 and BEC rising across the region, employee-targeted social engineering is the highest-probability vector. Commission a phishing simulation across your workforce, measure the click-through and credential-submission rates, and route repeat clickers into targeted retraining. For BEC specifically, enforce out-of-band verification for any payment or vendor-bank-detail change — a callback to a pre-registered number, never a reply to the email thread. Enable DMARC, SPF and DKIM on your domains and turn on mailbox-rule-change alerting, since attackers who land in an inbox typically create hidden forwarding rules first.

3. Update your incident response plan to include MPT-CERT and rehearse it

An incident response (IR) plan that does not name the new sectoral CERT is already out of date. Add MPT-CERT to your IR runbook as an external coordination contact, define what you will report and when, and clarify the boundary between internal containment and external notification. Then rehearse it: a two-hour tabletop exercise walking a ransomware scenario from first alert to CERT engagement will surface the gaps — unclear ownership, missing backups, no pre-drafted holding statement — that a real incident would otherwise expose at the worst time. Update the plan with what the tabletop reveals.

4. Verify backups and segment the network that ransomware would target

Ransomware’s damage is decided before the attack, by whether you can restore without paying. Confirm you hold offline or immutable backups of critical systems, and actually test a restore — an untested backup is a hope, not a control. Segment your network so that a compromise in one zone cannot move laterally into core banking or finance systems, and apply least-privilege to the service accounts attackers prize. These controls also make any future MPT-CERT coordination more effective, because a team that already knows its asset map and recovery posture can give the center accurate information fast.

The Bigger Picture: Algeria’s Cyber Maturity Arc

The MPT-CERT is best read as one stage in a maturing national posture rather than a standalone announcement. Decree 26-07 set the governance foundation in January 2026 by requiring dedicated security units across public institutions; the sectoral CERT now adds the coordination layer that turns isolated security teams into a connected response network. The KOICA partnership signals that capability-building — training, expertise exchange, and detection tooling — is part of the plan, not an afterthought.

For Algerian security leaders, the strategic takeaway is that the coordination infrastructure is arriving, and the organizations that prepare to plug into it will get the most value. The threat data — 70 million attempted attacks, phishing up thousands of percent regionally, $193 million in losses from a single takedown — is not a reason for alarm so much as a clear signal of where to invest attention this quarter. Register, simulate, rehearse, and verify backups. Each is achievable in weeks, and each compounds the value of the national coordination point that just opened.

Frequently Asked Questions

Sources & Further Reading

• Further Reading
• Algérie : inauguration du Centre sectoriel de veille et de réponse aux incidents cybernétiques — Algérie Éco
• Algeria Adopts New Cybersecurity Framework as Digital Risks Rise — We Are Tech Africa
• Algeria Orders Cybersecurity Units in Public Sector Amid Surge in Cyberattacks — Ecofin Agency
• INTERPOL Warns of Rapid Rise in African Cybercrime — Infosecurity Magazine
• New INTERPOL Report Warns of Sharp Rise in Cybercrime in Africa — INTERPOL