Building digital trust through cyber security

Cyber security at Proximus

Within our company

Security is our top priority when developing new infrastructure and digital services. In 2023, Proximus Group invested more than €7.28 million in its Corporate Cyber Security Program. This program aims to make our company more cyber-resilient, while offering best-in-class secured services and networks to our customers. Moreover, the program focuses on the protection us against business disruption , and the security of our critical infrastructure such API and our private and public Clouds It also boosts our cybersecurity capacity for coping with the acceleration of threats. To handle this last issue, in 2023 we continued to make additional investments in protecting our network against Distributed Denial of Service, or DDoS attacks.

Artificial Intelligence and Machine Learning capabilities are also increasingly used in Proximus’ cyber security. Proximus also acts to protect its customers against fraud. With the support of the government, Proximus invests in anti-phishing and anti-fraud platforms (SMS, email, interconnect security).

Additionally, we safeguard our company data and our customers’ privacy by continuously modernizing our Identity and Access Management (IAM) systems. We are, for instance, launching a project that will make it easier to manage access to our applications based on the user profile, enabling us to better comply with data protection legislation.

Proximus holds a Trusted Introducer Certification and an ISO 27001 certification that now combines the certifications on housing and hosting in our data centers, our remote operations center and our Explore connectivity services offered to enterprise customers.

We are compliant with the High Risk Vendors regulatory restrictions and with the regulatory restrictions for access to critical infrastructure. We have policies in place that ensure our vendors eliminate software vulnerabilities. When introducing new technologies, in-depth cyber security penetration tests are part of our standard processes.

Every year, our Cyber Security Incident Response Team (CSIRT) experts hold information sessions for our employees on the trends and threats CSIRT is monitoring at Proximus. We noticed an increase in social engineering attacks towards our employees with 1189 attempts in 2023.

Due to the general increase in phishing attacks, we have also stepped up our efforts to train our employees to more easily identify phishing messages by organizing more frequent and diversified internal phishing simulations. We also encourage them to report suspicious emails to our CSIRT. These reports from our employees allow the Centre for Cybersecurity Belgium (CCB) to take action to prevent other organizations from falling victim to phishing.

Cyber security for our customers

"In 2023 Proximus CSIRT prevented 2,088,227 customers from accessing fraudulent websites."Fabrice ClementDirector of Security Governance & Investigations

For our customers

There has been a worldwide increase in cyberattacks involving more targeted and sophisticated phishing campaigns, Distributed Denial of Service (DDoS) attacks or ransomware. At the same time, data has become a key asset for many organizations. Its use increases the need for protection, privacy and sovereignty.

Numerous phishing campaigns targeted our customers by impersonating and abusing Proximus brands. 167 phishing campaigns were recorded in 2023. Phishing messages via SMS are also on the rise.

Apart from phishing, Distributed Denial of Service-attacks (DDoS) are causing business disruptions within Belgian companies and governmental institutions. Therefore, we have doubled our DDoS Defense platform capacity and made additional investments to increase network protection from DDoS attacks.

In partnership with AXA Partners, we propose Cyber Care to our residential customers. This insurance policy offers technical, legal, financial and psychological support in the event of cybercrime.

Security and sovereignty

Proximus drives technological leadership and innovation through strategic partnerships with hyperscalers such as Microsoft and Google, leveraging their technology and co-innovation to benefit Benelux companies. 

Through partnerships with Microsoft and Google, Proximus brings two types of sovereign cloud to the market: Microsoft Azure Secure Public Cloud and Google Disconnected Cloud.

These solutions enable customers to benefit from the flexibility and scalability of the public cloud, while making sure their data is processed in the most secure way.

Proximus partnered with Microsoft to offer a first type of sovereign cloud solution. The key word here is encryption. More specifically, the data is held by Microsoft, but here the “standard” public cloud has strong encryption added, not only when storing the data, but also when the data travels across the network, even when it is in use. Microsoft itself does not have access to the data. Microsoft does not have the key for encrypting and decrypting the data, which is held by Proximus.

Through a partnership with Google Cloud, Proximus is further expanding its sovereign cloud services. This is a completely different approach to sovereign cloud. The data resides on a Google platform, managed by Proximus and hosted by partner LuxConnect. Such a sovereign cloud setup is in no way connected to a public cloud. The sensitive data is completely physically isolated and located within the territory of the European Union, providing a solution for governments and regulated companies, among others, both in terms of GDPR and geopolitics.

When choosing a type of sovereign cloud, organizations will have to make the trade-off based on the extent to which sensitive data needs to be protected. Proximus acts as an independent partner to help companies assess their needs and migrate to the appropriate sovereign cloud.

Quantum communication

Paving the way for secure "unbreakable networks" of the future

Quantum communication demystified

Unlike traditional digital signals, which encode data into bits (0's and 1's), Quantum communication relies on "quantum bits" (qubits in short) that consist of polarized photons (light signals). The unique characteristics of these qubits makes it possible to encode, transfer and secure data in revolutionary ways. The long-term vision for quantum communication is to evolve towards a Quantum internet where quantum computers, simulators and sensors interconnect via fiber-optic networks distributing information with unprecedented computing power, guaranteed communication security, and provide ultra-high precision synchronization, measurements, and diagnostics available to everyone locally and in the cloud.

Network security at the heart of everything

Although quantum technology offers fantastic opportunities, it also raises important concerns. Quantum Computing will turn any cryptography based on number factorization obsolete. Therefore, it's crucial to investigate methods of securing data in a quantum-proof way.

Proximus and partners have already tested Quantum Key Distribution (QKD) between 2 datacentres in Belgium. QKD offers absolute security, data cannot be intercepted or tampered with by eavesdroppers.

Our contribution to Quantum research

Many ecosystems combining the academic world, the public sector and private actors actively collaborate on quantum research today. Proximus closely works together with Belgian research institutions and different universities.

In the Belux, Proximus initiates the setup of an ecosystem dedicated to connecting professional end-users and advanced technological expertise around quantum-based services.

We are also driving pilot projects with industries where data confidentiality is critical, such as the defence sector, financial institutions, and healthcare service providers.

For society

On a national level, we remain a committed partner of BE-Alert, a 24/7 public warning system by the Belgian authorities. BE-Alert broadcasts news and information in the event of a crisis via SMS, fixed voice, email, and social media.

Proximus is collaborating with the Centre for Cyber Security Belgium on the Belgian Anti-Phishing Shield (BAPS) project. It engages all Belgian telecom operators to block phishing websites that have been identified and verified by the Centre for Cyber Security.

Public awareness remains the best way to mitigate the risk of attacks. The CSIRT posts warnings on social media whenever a new phishing campaign that impersonates Proximus is detected. Furthermore, via this channel, we advise people on how best to protect themselves from cyberthreats. In addition, Proximus’s Security Operations Center (SOC) monitored 3.5 billion logs for our enterprise customers in 2023, leading to 57,000 notable events of which 11,600 incidents needed a remediation.

To raise awareness of internet safety among young people, Proximus takes part in the Internet Safe & Fun Days twice a year. For ten years our employees, trained by partner organization Child Focus, have visited primary schools to make children aware of safe and responsible internet use.

EDUbox Cybersecurity for youngsters: digital protection as a good habit

EDUbox is an educational and interactive concept of the VRT to introduce young people from secondary education to a social theme. The EDUbox Cybersecurity: digital protection as a good habit is a collaboration between the RTBF, VRT and strong partners such as Mediawijs, Digital for Youth, the Center for Cybersecurity, Britghtlab, imec, Betternet, DNS Belgium and the Cyber Security Coalition. Proximus is part of the Coalition and has actively contributed to this EDUbox .

We also teamed up with the Centre for Cyber Security Belgium and the Cyber Security Coalition for the 9th National Cyber Security Awareness Campaign.

Proximus Ada

The first objective of Proximus Ada, the Belgian center of excellence for artificial intelligence and cybersecurity, is to become a pillar of innovation and a center of expertise for all the companies of Proximus Group, both in Belgium and internationally.

Proximus Ada will not only enable them to develop and launch new applications that will fuel their growth in Belgium and abroad, but to also build a safer digital space for users and society.

More info:
Press release - Proximus launches Proximus Ada

About Proximus ada

Exchanging knowledge and experiences is key for organizations to be cyber resilient

Our current partnerships

The Belgian Cyber Security Coalition

The Belgian Cyber Security Coalition, of which we are a co-founder, is a collaboration platform of cyber security experts from the public and private sectors and the academic world. No less than175 key organisations have joined the Coalition since its start in 2015.

cybersecuritycoalition.be

ETIS platform

We maintain a close cooperation with other European telecom operators through the ETIS platform, where we are presiding the security workgroup. Today, 5G security is a key priority.

etis.org

European Network & Information Security Agency (ENISA)

We work together with the European Network & Information Security Agency (ENISA) to better understand the evolution of regulations. 

enisa.europa.eu

NATO, Europol, and Interpol

In order to stay up to date on new cyber threats, we also engage with NATO, Europol (Cyber Crime Center), and Interpol (Global Cybercrime Expert Group).

europol.europa.eu

Cyber security education: raising awareness

How does Proximus fight phishing?

We are heavily involved in the “StopPhishing” project, a government initiative that encourages telco operators to implement anti-phishing and anti-fraud platforms for SMS, email and voice calls. Since mid-October 2023, a co-investment in which we have participated has led to the development of an AI-based detection solution to protect our customers from fraudulent SMSs.

In 2024, we will extend this approach to email and calls. Proximus also collaborates with the Centre for Cyber Security Belgium (CCB) on the Belgian Anti-Phishing Shield (BAPS) project. This engages all Belgian telecom operators in blocking malicious websites that have been identified and verified by the Centre for Cyber Security. The sharing of knowledge and experience is fundamental to enhancing cyber resilience within organizations and the further protection of individuals.

More info about BAPS (Belgian Anti-Phishing Shield)

Report abuse

Gaia-X

Since June 2021, Proximus has been a board member of Gaia-X, the European Association for Data and Cloud . The architecture of Gaia-X is based on the principle of decentralization, a result of a multitude of platforms that follow a common Gaia-X standard. The aim is to develop a data infrastructure based on the values of openness, transparency and trust. This membership puts Proximus at the forefront for the provision of innovative digital products and services, together with other European stakeholders from a variety of industries.

Digital safety for children – Internet safe & fun

As a leading digital company, we have an important role to play in raising society’s digital awareness. Children do not always see the risks behind the digital corner. On Internet Safe & Fun days, our employees – trained by our partner Child Focus – educate primary school children on how to use the internet safely.

Internet safe & fun

Private data remains safe with a trusted gatekeeper

As a telecommunications company and supplier of digital services, we process enormous amounts of personal data. It goes without saying that this data must remain confidential and secure. To this end, we apply strict rules and policies within our company that respect GDPR and e-privacy legislation

  • We have appointed a community of over 60 Privacy Ambassadors to ensure the highest level of awareness and accountability on privacy compliance throughout the company.
  • Our structured Privacy Review Process streamlines all initiatives, including personal data.
  • A dedicated internal Privacy Governance body has been established to address all privacy matters at the highest level of management. This process is integrated into our other corporate processes to ensure the highest level of effectiveness and efficiency.
  • We are continuously improving our MyProximus interfaces to allow our customers to manage their data in a simple and easily accessible way by indicating their privacy preferences on the MyProximus app and website.