Cyber security at Proximus
Within our company
In 2022, Proximus invested about € 8 million in its Corporate Cyber Security Program. This investment is helping to make our company more cyber-resilient, while offering best-in-class secured services and networks to our customers. Moreover, the program protects our company against business disruption, supports the development of a modern API Security and Cloud and boosts our cybersecurity capacity to cope with the acceleration of threats.
To safeguard our company data and our customers’ privacy we continuously modernize our Identity and Access Management (IAM) systems.
To demonstrate our commitment to the security of our customers and stakeholders, we are committed to maintaining a Trusted Introducer Certification and four ISO 27001 certifications. These cover housing and hosting in our data centers, our remote operations center and our Explore range for enterprise connectivity.
We are compliant with the High Risk Vendors regulatory restrictions and with the regulatory restrictions for access to critical infrastructure. We have policies in place that ensure our vendors eliminate software vulnerabilities. When introducing new technologies, in-depth cyber security penetration tests are part of our standard processes.
Every year, our Cyber Security Incident Response Team (CSIRT) experts hold information sessions for our employees on the trends and threats CSIRT is monitoring at Proximus. We noticed an increase in social engineering attacks towards our employees with 199 attempts in 2022.
Due to the general increase in phishing attacks, we have also stepped up our efforts to train our employees to more easily identify phishing messages by organizing more frequent and diversified internal phishing simulations. We also encourage them to report suspicious emails to our CSIRT. These reports from our employees allow the Centre for Cybersecurity Belgium (CCB) to take action to prevent other organizations from falling victim to phishing.
Cyber security for our customers
For our customers
With the outbreak of COVID and the war in Ukraine, there has been a worldwide increase in cyberattacks involving more targeted and sophisticated phishing campaigns, Distributed Denial of Service (DDoS) attacks or ransomware. At the same time, data has become a key asset for many organizations. Its use increases the need for protection, privacy and sovereignty.
Numerous phishing campaigns targeted our customers by impersonating and abusing Proximus brands. 126 phishing campaigns were recorded in 2022 versus 166 in 2021. Phishing messages via SMS are also on the rise.
Apart from phishing, Distributed Denial of Service (DDoS) attacks are causing business disruptions within Belgian companies and governmental institutions. Therefore, we have doubled our DDoS Defense platform capacity and made additional investments to increase network protection from DDoS attacks.
In partnership with AXA Partners, we propose Cyber Care to our residential customers. This insurance policy offers technical, legal, financial and psychological support in the event of cybercrime.
Security and sovereignty
For our business customers, security and sovereignty have become critical, as they are compelled to be data driven, cloud enabled and digitally end-to-end secure.
Today, Proximus is already recognized as a leader in security thanks to its strong assets and its continuous innovation efforts. For example, we have entered into a partnership with Microsoft for the development of a sovereign cloud solution. It enables us to offer our customers both the power of the artificial intelligence of American clouds and the high level of data protection required by the European regulations, guaranteed by Proximus.
On a national level, we remain a committed partner of BE-Alert, a 24/7 public warning system by the Belgian authorities. BE-Alert broadcasts news and information in the event of a crisis via SMS, fixed voice, email, and social media.
Proximus is collaborating with the Centre for Cyber Security Belgium on the Belgian Anti-Phishing Shield (BAPS) project. It engages all Belgian telecom operators to block phishing websites that have been identified and verified by the Centre for Cyber Security.
Public awareness remains the best way to mitigate the risk of attacks. The CSIRT posts warnings on social media whenever a new phishing campaign that impersonates Proximus is detected. Furthermore, via this channel, we advise people on how best to protect themselves from cyberthreats. In addition, the Proximus Security Operations Center monitored 3.2 billion notable events in 2022, alerting enterprise customers of incidents and remedying them.
To raise awareness of internet safety among young people, Proximus takes part in the Internet Safe & Fun Days twice a year. For ten years our employees, trained by partner organization Child Focus, have visited primary schools to make children aware of safe and responsible internet use.
EDUbox Cybersecurity for youngsters: digital protection as a good habit
EDUbox is an educational and interactive concept of the VRT to introduce young people from secondary education to a social theme. The EDUbox Cybersecurity: digital protection as a good habit is a collaboration between the RTBF, VRT and strong partners such as Mediawijs, Digital for Youth, the Center for Cybersecurity, Brightlab, imec, Betternet, DNS Belgium and the Cyber Security Coalition. Proximus is part of the Coalition and has actively contributed to this EDUbox.
We also teamed up with the Centre for Cyber Security Belgium and the Cyber Security Coalition for the 8th National Cyber Security Awareness Campaign.
The first objective of Proximus Ada, the Belgian center of excellence for artificial intelligence and cybersecurity, is to become a pillar of innovation and a center of expertise for all the companies of Proximus Group, both in Belgium and internationally.
Proximus Ada will not only enable them to develop and launch new applications that will fuel their growth in Belgium and abroad, but also to build a safer digital space for users and society.
Exchanging knowledge and experiences is key for organizations to be cyber resilient
Our current partnerships
The Belgian Cyber Security Coalition
The Belgian Cyber Security Coalition, of which we are a co-founder, is a collaboration platform of 120 cyber security experts from the public and private sectors and the academic world. (cybersecuritycoalition.be)
We maintain a close cooperation with other European telecom operators through the ETIS platform, where we preside over the security workgroup. Today, 5G security is a key priority. (etis.org)
European Network & Information Security Agency (ENISA)
We work together with the European Network & Information Security Agency (ENISA) to better understand the evolution of regulations. (enisa.europa.eu)
NATO, Europol, and Interpol
In order to stay up to date on new cyber threats, we also engage with NATO, Europol (Cyber Crime Center), and Interpol (Global Cybercrime Expert Group). (europol.europa.eu)
Cyber security education: raising awareness
How does Proximus fight phishing?
- The national system to which citizens can forward phishing emails has been expanded since December to also allow the forwarding of text messages.
After analysis by Safeonweb, websites confirmed as phishing will be forwarded in real time to operators, who will block the links via DNS.
This project is called BAPS (Belgian Anti-Phishing Shield).
- Proximus is currently the only one (!!) to block all phishing sites received by the CCB in (almost) real time.
- The current telecom legislation does not allow operators to scan SMS messages. For FluBot, operators received an exception from BIPT to block as many messages as possible once the content has been transferred to them by one of their customers. Only then may they block similar content. Of course, the fraudsters are constantly adapting their texts in order to circumvent these blocks. But the telecom operators stay alert!
Since June 2021, Proximus has been a board member of Gaia-X, the European Association for Data and Cloud. The architecture of Gaia-X is based on the principle of decentralization, a result of a multitude of platforms that follow a common Gaia-X standard. The aim is to develop a data infrastructure based on the values of openness, transparency and trust. This membership puts Proximus at the forefront for the provision of innovative digital products and services, together with other European stakeholders from a variety of industries.
Digital safety for children – Internet safe & fun
As a leading digital company, we have an important role to play in raising society’s digital awareness. Children do not always see the risks behind the digital corner. On Internet Safe & Fun days, our employees – trained by our partner Child Focus – educate primary school children on how to use the internet safely.
Private data remains safe with a trusted gatekeeper
As a telecommunications company and supplier of digital services, we process enormous amounts of personal data. It goes without saying that this data must remain confidential and secure. To this end, we apply strict rules and policies within our company that respect GDPR and e-privacy legislation.
- We have appointed a community of over 60 Privacy Ambassadors to ensure the highest level of awareness and accountability on privacy compliance throughout the company.
- Our structured Privacy Review Process streamlines all initiatives involving personal data.
- A dedicated internal Privacy Governance body has been established to address all privacy matters at the highest level of management. This process is integrated into our other corporate processes to ensure the highest level of effectiveness and efficiency.
- We are continuously improving our MyProximus interfaces to allow our customers to manage their data in a simple and easily accessible way by indicating their privacy preferences on the MyProximus app and website.