Building digital trust through cyber security

Cyber security at Proximus

Within our company

In 2022, Proximus invested about € 8 million in its Corporate Cyber Security Program. This investment is helping to make our company more cyber-resilient, while offering best-in-class secured services and networks to our customers. Moreover, the program protects our company against business disruption, supports the development of a modern API Security and Cloud and boosts our cybersecurity capacity to cope with the acceleration of threats.

 To safeguard our company data and our customers’ privacy we continuously modernize our Identity and Access Management (IAM) systems.

To demonstrate our commitment to the security of our customers and stakeholders, we are committed to maintaining a Trusted Introducer Certification and four ISO 27001 certifications. These cover housing and hosting in our data centers, our remote operations center and our Explore range for enterprise connectivity.

We are compliant with the High Risk Vendors regulatory restrictions and with the regulatory restrictions for access to critical infrastructure. We have policies in place that ensure our vendors eliminate software vulnerabilities. When introducing new technologies, in-depth cyber security penetration tests are part of our standard processes.

Every year, our Cyber Security Incident Response Team (CSIRT) experts hold information sessions for our employees on the trends and threats CSIRT is monitoring at Proximus. We noticed an increase in social engineering attacks towards our employees with 199 attempts in 2022.

Due to the general increase in phishing attacks, we have also stepped up our efforts to train our employees to more easily identify phishing messages by organizing more frequent and diversified internal phishing simulations. We also encourage them to report suspicious emails to our CSIRT. These reports from our employees allow the Centre for Cybersecurity Belgium (CCB) to take action to prevent other organizations from falling victim to phishing.

Cyber security for our customers

"In 2022 Proximus CSIRT prevented 1,808,008 customers from accessing fraudulent websites."Fabrice ClementDirector of Security Governance & Investigations

For our customers

With the outbreak of COVID and the war in Ukraine, there has been a worldwide increase in cyberattacks involving more targeted and sophisticated phishing campaigns, Distributed Denial of Service (DDoS) attacks or ransomware. At the same time, data has become a key asset for many organizations. Its use increases the need for protection, privacy and sovereignty.

Numerous phishing campaigns targeted our customers by impersonating and abusing Proximus brands. 126 phishing campaigns were recorded in 2022 versus 166 in 2021. Phishing messages via SMS are also on the rise.

Apart from phishing, Distributed Denial of Service-attacks (DDoS) are causing business disruptions within Belgian companies and governmental institutions. Therefore, we have doubled our DDoS Defense platform capacity and made additional investments to increase network protection from DDoS attacks.

In partnership with AXA Partners, we propose Cyber Care to our residential customers. This insurance policy offers technical, legal, financial and psychological support in the event of cybercrime.

Security and sovereignty

Proximus drives technological leadership and innovation through strategic partnerships with hyperscalers such as Microsoft and Google, leveraging their technology and co-innovation to benefit Benelux companies. 

Through partnerships with Microsoft and Google, Proximus brings two types of sovereign cloud to the market: Microsoft Azure Secure Public Cloud and Google Disconnected Cloud.

These solutions enable customers to benefit from the flexibility and scalability of the public cloud, while making sure their data is processed in the most secure way.

Proximus partnered with Microsoft to offer a first type of sovereign cloud solution. The key word here is encryption. More specifically, the data is held by Microsoft, but here the “standard” public cloud has strong encryption added, not only when storing the data, but also when the data travels across the network, even when it is in use. Microsoft itself does not have access to the data. Microsoft does not have the key for encrypting and decrypting the data, which is held by Proximus.

Through a partnership with Google Cloud, Proximus is further expanding its sovereign cloud services. This is a completely different approach to sovereign cloud. The data resides on a Google platform, managed by Proximus and hosted by partner LuxConnect. Such a sovereign cloud setup is in no way connected to a public cloud. The sensitive data is completely physically isolated and located within the territory of the European Union, providing a solution for governments and regulated companies, among others, both in terms of GDPR and geopolitics.

When choosing a type of sovereign cloud, organizations will have to make the trade-off based on the extent to which sensitive data needs to be protected. Proximus acts as an independent partner to help companies assess their needs and migrate to the appropriate sovereign cloud.

Quantum communication

Paving the way for secure "unbreakable networks" of the future

Quantum communication demystified

Unlike traditional digital signals, which encode data into bits (0's and 1's), Quantum communication relies on "quantum bits" (qubits in short) that consist of polarized photons (light signals). The unique characteristics of these qubits makes it possible to encode, transfer and secure data in revolutionary ways. The long-term vision for quantum communication is to evolve towards a Quantum internet where quantum computers, simulators and sensors interconnect via fiber-optic networks distributing information with unprecedented computing power, guaranteed communication security, and provide ultra-high precision synchronization, measurements, and diagnostics available to everyone locally and in the cloud.

Network security at the heart of everything

Although quantum technology offers fantastic opportunities, it also raises important concerns. Quantum Computing will turn any cryptography based on number factorization obsolete. Therefore, it's crucial to investigate methods of securing data in a quantum-proof way.

Proximus and partners have already tested Quantum Key Distribution (QKD) between 2 datacentres in Belgium. QKD offers absolute security, data cannot be intercepted or tampered with by eavesdroppers.

Our contribution to Quantum research

Many ecosystems combining the academic world, the public sector and private actors actively collaborate on quantum research today. Proximus closely works together with Belgian research institutions and different universities.

In the Belux, Proximus initiates the setup of an ecosystem dedicated to connecting professional end-users and advanced technological expertise around quantum-based services.

We are also driving pilot projects with industries where data confidentiality is critical, such as the defence sector, financial institutions, and healthcare service providers.

For society

On a national level, we remain a committed partner of BE-Alert, a 24/7 public warning system by the Belgian authorities. BE-Alert broadcasts news and information in the event of a crisis via SMS, fixed voice, email, and social media.

Proximus is collaborating with the Centre for Cyber Security Belgium on the Belgian Anti-Phishing Shield (BAPS) project. It engages all Belgian telecom operators to block phishing websites that have been identified and verified by the Centre for Cyber Security.

Public awareness remains the best way to mitigate the risk of attacks. The CSIRT posts warnings on social media whenever a new phishing campaign that impersonates Proximus is detected. Furthermore, via this channel, we advise people on how best to protect themselves from cyberthreats. In addition, the Proximus Security Operations Center monitored 3.2 billion notable events in 2022, alerting enterprise customers of incidents and remedying them.

To raise awareness of internet safety among young people, Proximus takes part in the Internet Safe & Fun Days twice a year. For ten years our employees, trained by partner organization Child Focus, have visited primary schools to make children aware of safe and responsible internet use.

EDUbox Cybersecurity for youngsters: digital protection as a good habit

EDUbox is an educational and interactive concept of the VRT to introduce young people from secondary education to a social theme. The EDUbox Cybersecurity: digital protection as a good habit is a collaboration between the RTBF, VRT and strong partners such as Mediawijs, Digital for Youth, the Center for Cybersecurity, Britghtlab, imec, Betternet, DNS Belgium and the Cyber Security Coalition. Proximus is part of the Coalition and has actively contributed to this EDUbox .

We also teamed up with the Centre for Cyber Security Belgium and the Cyber Security Coalition for the 8th National Cyber Security Awareness Campaign.

Proximus Ada

The first objective of Proximus Ada, the Belgian center of excellence for artificial intelligence and cybersecurity, is to become a pillar of innovation and a center of expertise for all the companies of Proximus Group, both in Belgium and internationally.

Proximus Ada will not only enable them to develop and launch new applications that will fuel their growth in Belgium and abroad, but to also build a safer digital space for users and society.

More info:
Press release - Proximus launches Proximus Ada

Exchanging knowledge and experiences is key for organizations to be cyber resilient

Our current partnerships

The Belgian Cyber Security Coalition

The Belgian Cyber Security Coalition, of which we are a co-founder, is a collaboration platform of 120 cyber security experts from the public and private sectors and the academic world. 

cybersecuritycoalition.be

ETIS platform

We maintain a close cooperation with other European telecom operators through the ETIS platform, where we are presiding the security workgroup. Today, 5G security is a key priority.

etis.org

European Network & Information Security Agency (ENISA)

We work together with the European Network & Information Security Agency (ENISA) to better understand the evolution of regulations. 

enisa.europa.eu

NATO, Europol, and Interpol

In order to stay up to date on new cyber threats, we also engage with NATO, Europol (Cyber Crime Center), and Interpol (Global Cybercrime Expert Group).

europol.europa.eu

Cyber security education: raising awareness

How does Proximus fight phishing?

  • The national system where our citizens can send phishing emails has been expanded since December to also allow the forwarding of text messages.
    After analysis by safeonweb, websites confirmed as phishing will be forwarded in real time to operators who will block the links via DNS.
    This project is called BAPS (Belgian Anti-Phishing Shield).
  • Proximus is currently the only one (!!) to block all phishing sites received by the CCB in (almost) real time.
    More info about BAPS (Belgian Anti-Phishing Shield)
  • The current telecom legislation does not allow operators to scan SMS messages. For flubot, operators received an exception from BIPT to block as many messages as possible once the content has been transferred to them by one of their customers. Only then may they block similar content. Of course, the fraudsters are constantly adapting their texts in order to circumvent these blocks. But the telecom operators stay alert!

Report abuse

Gaia-X

Since June 2021, Proximus has been a board member of Gaia-X, the European Association for Data and Cloud . The architecture of Gaia-X is based on the principle of decentralization, a result of a multitude of platforms that follow a common Gaia-X standard. The aim is to develop a data infrastructure based on the values of openness, transparency and trust. This membership puts Proximus at the forefront for the provision of innovative digital products and services, together with other European stakeholders from a variety of industries.

Digital safety for children – Internet safe & fun

As a leading digital company, we have an important role to play in raising society’s digital awareness. Children do not always see the risks behind the digital corner. On Internet Safe & Fun days, our employees – trained by our partner Child Focus – educate primary school children on how to use the internet safely.

Internet safe & fun

Private data remains safe with a trusted gatekeeper

As a telecommunications company and supplier of digital services, we process enormous amounts of personal data. It goes without saying that this data must remain confidential and secure. To this end, we apply strict rules and policies within our company that respect GDPR and e-privacy legislation

  • We have appointed a community of over 60 Privacy Ambassadors to ensure the highest level of awareness and accountability on privacy compliance throughout the company.
  • Our structured Privacy Review Process streamlines all initiatives, including personal data.
  • A dedicated internal Privacy Governance body has been established to address all privacy matters at the highest level of management. This process is integrated into our other corporate processes to ensure the highest level of effectiveness and efficiency.
  • We are continuously improving our MyProximus interfaces to allow our customers to manage their data in a simple and easily accessible way by indicating their privacy preferences on the MyProximus app and website.