Cyber security at Proximus
Proximus invested €7.5 million in its Corporate Cyber Security Program
In 2020, Proximus invested €7.5 million in its Corporate Cyber Security Program to make our company more cyber-resilient, while offering best-in-class secured services and networks to our customers. It also helps us to reinforce the protection of our critical infrastructure. Our corporate Cyber Security Incident Response Team (CSIRT) continuously monitors security alerts to coordinate the response to cyber threats.
In 2020, our CSIRT analysts handled 1,052 incidents (compared to 1,261 in 2019) and 34,912 alarms (23,111 in 2019).
Although Proximus was not directly hit with COVID-19-related attacks, we became aware of a significant increase in cyber threats towards our employees:
- 30% of these attempts were related to social engineering.
- 349 such cases in 2020 (compared to 133 cases in 2019).
Identity and Access Management also plays an increasingly important role in our transformation towards a digital native company. We have to guarantee the protection of both company data and customer privacy. Therefore, we are reinforcing it through our Corporate Cyber Security Program.
Moreover, we are the proud holder of a Trusted Introducer Certification and four ISO 27001 certifications covering our data centres housing and hosting, security operations centre, and the enterprise Explore Connectivity. To become even more efficient, we will merge our different ISO 27001 (information security management) certificates with our ISO 9110 (quality management) certificates into one integrated management system.
Raising cyber security to a higher level remains a top priority.
Cyber security for our customers
Monitoring and responding
Worldwide, a high number of sophisticated phishing campaigns were observed during the first COVID-19 lockdown period (April-May). By closely monitoring and responding effectively, Proximus CSIRT prevented 742,000 customers from accessing fraudulent websites in 2020.
Public awareness remains the best way to mitigate the risk of attacks. Our CSIRT team posts warnings on social media whenever a new phishing campaign is detected. In addition, Proximus’ Security Operations Center monitors more than 3,000 million events daily, alerting enterprise customers in case of incidents and remediating them.
Improving mobile protection
We strongly improved the protection of our mobile customers and the security of international interconnections.
On a national level, we remain a committed partner of BE-Alert, a 24/7 public warning system by the Belgian authorities. BE-Alert broadcasts news and information in the event of a crisis via SMS, fixed voice, email, and social media.
In 2020, Proximus handled 238 requests from law enforcement authorities to block access to websites. We cooperate closely with the judicial authorities and help them in their investigations in the context of criminal offences such as the possession and distribution of images related to child pornography.
Proximus launches Proximus Ada, the first Belgian center of excellence combining artificial intelligence and cybersecurity
This marks a first in Belgium: Proximus announced the creation of Ada, an innovation and expertise center dedicated to artificial intelligence and cybersecurity. These are two key areas if Belgian society is to meet the challenges of today and tomorrow. The first one, because it provides innovative solutions in multiple sectors, not least in energy and mobility. The second, as increasing cybercrime is forcing individuals, companies and society at large to become more resilient to cyber threats.
Exchanging knowledge and experiences is key for organizations to be cyber resilient
Our current partnerships
The Belgian Cyber Security Coalition
The Belgian Cyber Security Coalition, of which we are a co-founder, is a collaboration platform of 120 cyber security experts from the public and private sectors and the academic world (cybersecuritycoalition.be).
We maintain a close cooperation with other European telecom operators through the ETIS platform, where we preside over the security workgroup. Today, 5G security is a key priority (etis.org).
European Network & Information Security Agency (ENISA)
We work together with the European Network & Information Security Agency (ENISA) to better understand the evolution of regulations (enisa.europa.eu).
NATO, Europol, and Interpol
In order to stay up to date on new cyber threats, we also engage with NATO, Europol (Cyber Crime Center), and Interpol (Global Cybercrime Expert Group) (europol.europa.eu).
Cyber security education: raising awareness
How does Proximus fight phishing?
- The national system to which citizens can send phishing emails has been expanded since December to also allow the forwarding of text messages. After analysis by Safeonweb, websites confirmed as phishing will be forwarded in real time to operators, who will block the links via DNS. This project is called BAPS (Belgian Anti-Phishing Shield).
- Proximus is currently the only one (!!) to block all phishing sites received by the CCB in (almost) real time.
- The current telecom legislation does not allow operators to scan SMS messages. For FluBot, operators received an exception from BIPT to block as many messages as possible once the content has been transferred to them by one of their customers. Only then may they block similar content. Of course, the fraudsters are constantly adapting their texts in order to circumvent these blocks. But the telecom operators stay alert!
Educating our employees
The increasing cyber threats intensify the need to raise cyber security awareness amongst our employees. In 2020, we organized a fully digital Security Week for our employees. A total of 2,791 people took part in seven digital information sessions, covering the threat landscape, COVID-19 safety, and secure video conferencing.
In addition, Proximus Corporate University (PCU) continues to develop training programs in cyber security. This year, PCU launched a “Get the basics” track on cyber security. Proximus also offers corporate learning programs – such as Building the Future. Seventy employees are currently following a learning path including cyber security. A CISSP certification is part of it.
Since high-level competitions are also a good way to develop skills, a cross-divisional team participated in an international Boss of the SOC challenge. Our team came 16th out of 252 teams.
Digital safety for children – Internet safe & fun
As a leading digital company, we have an important role to play in raising society’s digital awareness. Children do not always see the risks behind the digital corner. On Internet Safe & Fun days, our employees – trained by our partner Child Focus – educate primary school children on how to use the internet safely.
Private data remains safe with a trusted gatekeeper
As a telecommunications company and supplier of digital services, we process enormous amounts of personal data. It goes without saying that this data must remain confidential and secure. To this end, we apply strict rules and policies within our company that respect GDPR and e-privacy legislation.
- We have appointed a community of over 60 Privacy Ambassadors to ensure the highest level of awareness and accountability on privacy compliance throughout the company.
- Our structured Privacy Review Process streamlines all initiatives that involve personal data.
- A dedicated internal Privacy Governance body has been established to address all privacy matters at the highest level of management. This process is integrated into our other corporate processes to ensure the highest level of effectiveness and efficiency.
- We are continuously improving our MyProximus interfaces to allow our customers to manage their data in a simple and easily accessible way by indicating their privacy preferences on the MyProximus app and website.