Cyber security at Proximus

Proximus invested €7.5 million in its Corporate Cyber Security Program 

In 2020, Proximus invested € 7.5 million in its Corporate Cyber Security Program to make our company more cyber-resilient, while offering best-in-class secured services and networks to our customers. It also helps us to reinforce the protection of our critical infrastructure. Our corporate Cyber Security Incident Response Team (CSIRT) is continuously monitoring security alerts to coordinate the response to cyber threats. 
In 2020, our CSIRT analysts handled 1,052 incidents (compared to 1,261 in 2019) and 34,912 alarms (23,111 in 2019). 
Although Proximus was not directly hit with COVID-19-related attacks, we became aware of a significant increase in cyber threats towards our employees: 

  • 30% of these attempts were related to social engineering.
  • 349 such cases in 2020 (compared to 133 cases in 2019).

Identity and Access Management also plays an increasingly important role in our transformation towards a digital native company. We have to guarantee the protection of both company data and customer privacy. Therefore, we are reinforcing it through our Corporate Cyber Security Program.
Moreover, we are the proud holder of a Trusted Introducer Certification and four ISO27001 certifications covering our data centres housing and hosting, security operations centre, and the enterprise Explore Connectivity. To become even more efficient, we will merge our different ISO 27001 (information security management) certificates with our ISO 9110 (quality management) certificates into one integrated management system.
Raising cyber security to a higher level remains a top priority. 

Cyber security for our customers

"In 2020 Proximus CSIRT prevented 742,000 customers from accessing fraudulent websites."Fabrice ClementDirector of Security Governance & Investigations

Monitoring and responding

Worldwide, a high number of sophisticated phishing campaigns were observed during the first COVID-19 lockdown period (April-May). By closely monitoring and responding effectively, Proximus CSIRT prevented 742,000 customers accessing fraudulent websites in 2020. 

Raising awareness

Public awareness remains the best way to mitigate the risk of attacks. Our CSIRT team posts warnings on social media whenever a new phishing campaign is detected. In addition, Proximus’ Security Operations Center monitors more than 3,000 million events daily, alerting enterprise customers in case of incidents and remediating them. 

Improving mobile protection

We strongly improved the protection of our mobile customers and the security of international interconnections.

Cyber security for the general public and institutions

On a national level, we remain a committed partner of BE-Alert, a 24/7 public warning system by the Belgian authorities. BE-Alert broadcasts news and information in the event of a crisis via SMS, fixed voice, email, and social media.
In 2020, Proximus handled 238 requests from law enforcement authorities to block access to websites. We cooperate closely with the judicial authorities and help them in their investigation in the context of criminal offences such as the possession and distribution of images related to child pornography.

Exchanging knowledge and experiences is key for organizations to be cyber resilient

Our current partnerships

The Belgian Cyber Security Coalition

The Belgian Cyber Security Coalition, of which we are a co-founder, is a collaboration platform of 120 cyber security experts from the public and private sectors and the academic world. 

cybersecuritycoalition.be

ETIS platform

We maintain a close cooperation with other European telecom operators through the ETIS platform, where we are presiding the security workgroup. Today, 5G security is a key priority.

etis.org

European Network & Information Security Agency (ENISA)

We work together with the European Network & Information Security Agency (ENISA) to better understand the evolution of regulations. 

enisa.europa.eu

NATO, Europol, and Interpol

In order to stay up to date on new cyber threats, we also engage with NATO, Europol (Cyber Crime Center), and Interpol (Global Cybercrime Expert Group).

europol.europa.eu

Cyber security education: raising awareness

Educating our employees

The increasing cyber threats intensify the need to raise cyber security awareness amongst our employees. In 2020, we organized a fully digital Security Week for our employees. A total of 2,791 people took part in seven digital information sessions, covering the threat landscape, COVID-19 safety, and secure video conferencing. 

In addition, Proximus Corporate University (PCU) continues to develop training programs in cyber security. This year, PCU launched a “Get the basics” track on cyber security.  Proximus also offers corporate learning programs – such as Building the Future. Seventy employees are currently following a learning path including cyber security. A CISSP certification is part of it. 
Since high-level competitions are also a good way to develop skills, a cross-divisional team participated in an international Boss of the SOC challenge. Our team came 16th out of 252 teams.

Discover more about working at Proximus

Digital safety for children – Internet safe & fun

As a leading digital company, we have an important role to play in raising society’s digital awareness. Children do not always see the risks behind the digital corner. On Internet Safe & Fun days, our employees – trained by our partner Child Focus – educate primary school children on how to use the internet safely.

Internet safe & fun

Private data remains safe with a trusted gatekeeper

As a telecommunications company and supplier of digital services, we process enormous amounts of personal data. It goes without saying that this data must remain confidential and secure. To this end, we apply strict rules and policies within our company that respect GDPR and e-privacy legislation

  • We have appointed a community of over 60 Privacy Ambassadors to ensure the highest level of awareness and accountability on privacy compliance throughout the company.
  • Our structured Privacy Review Process streamlines all initiatives, including personal data.
  • A dedicated internal Privacy Governance body has been established to address all privacy matters at the highest level of management. This process is integrated into our other corporate processes to ensure the highest level of effectiveness and efficiency.
  • We are continuously improving our MyProximus interfaces to allow our customers to manage their data in a simple and easily accessible way by indicating their privacy preferences on the MyProximus app and website.