Cyber security at Proximus
Within our company
Corporate Cyber Security Program
Security is our top priority when developing new infrastructure and digital services. In 2024, Proximus Group invested more than €7.28 million in its Corporate Cyber Security Program. This program aims to make our company more cyber-resilient, while offering best-in-class secured services and networks to our customers. Moreover, the program focuses on the protection against business disruption , the security of our critical infrastructure such as API and our private and public Clouds and the protection of our network against Distributed Denial of Service, or DDoS attacks.
Artificial Intelligence and Machine Learning capabilities are increasingly used in Proximus’ cyber security. Proximus also acts to protect its customers against fraud. With the support of the government, Proximus invests in anti-phishing and anti-fraud solutions (SMS, email, interconnect security).
Additionally, we safeguard our company data and our customers’ privacy by continuously modernizing our Identity and Access Management (IAM) systems. We are, for instance, launching a project that manages more efficiently the access to our applications based on the user profile, enabling us to better comply with data protection legislation.
Certificates and policies
Proximus holds a Trusted Introducer Certification and an ISO 27001 certification and “ISAE 3000/SOC 2 - Type II” attestation
We are compliant with the High Risk Vendors regulatory restrictions and with the regulatory restrictions for access to critical infrastructure. We have policies in place that ensure our vendors eliminate software vulnerabilities. When introducing new technologies, in-depth cyber security penetration tests are part of our standard processes.
CSIRT
The Proximus Cyber Security Incident Response Team (CSIRT) protects the organization’s digital assets and ensures a secure environment for its users and customers. The team is internationally recognized as an industry leader in SS7 Intelligence, which is unique in the global telecommunications industry.
Our CSIRT experts regularly hold information sessions for our employees on the trends and threats CSIRT is monitoring at Proximus.
Due to the general increase in phishing attacks, we have also stepped up our efforts to train our employees to more easily identify phishing messages by organizing more frequent and diversified internal phishing simulations. We also encourage them to report suspicious emails to our CSIRT. These reports from our employees allow the Centre for Cybersecurity Belgium (CCB) to take action to prevent other people from falling victim to malicious websites.
Proximus also collaborates with the CCB on the Belgian Anti-Phishing Shield (BAPS) project. This engages all Belgian telecom operators in redirecting users clicking on malicious links to a warning page. In 2024, BAPS prevented customers from accessing 1.6 million fraudulent websites.
Awareness of our customers and society at large
Watch our internet awareness videos
The CSIRT warns on social media about online pitfalls and fake phishing messages posing as Proximus. They also advise people on how best to protect themselves against cyber threats via this channel.
Our campaign videos are not available in English. You can watch the Dutch campaign playlist above or follow the link to view them in French.
StopPhishing project
We are a key player in the “StopPhishing” project, an initiative from the government to encourage telco operators to implement anti-phishing and anti-fraud platforms for SMS, email and voice calls. Through a co-investment, we have developed an AI-based detection solution that protects our customers from fraudulent SMSs. In 2024, this solution has screened and blocked over 23 million SMS and MMS messages, blocking over 104 million phishing attempts sent by email with our anti-SPAM filters. We also protected our customers from spoofed calls and blocked with over 1 million incoming call attempts.
Learn more about our cybersecurity initiatives through a newspaper article about Proximus and our role in AI and cybersecurity, available in Dutch or French.
Internet Safe & Fun
To promote Internet safety among young people, Proximus participates in the Internet Safe & Fun Days twice a year in Belgium. For 13 years, Proximus employees trained by Child Focus have visited primary schools to teach children about safe and responsible Internet usage.
Awareness campaign
Proximus launched in October 2024 a national awareness campaign for a safe and secure online world. This campaign enables us to reaffirm our societal responsibility in the crucial area of cybersecurity while highlighting the superior quality of our networks and services.
Proximus Ada: driving AI and cybersecurity excellence
Proximus Ada is Belgium’s first center of excellence dedicated to artificial intelligence (AI) and cybersecurity. As pillar of innovation within the Proximus Group, it develops gen AI applications, strengthens digital security, and fosters trust in the digital economy. By the end of 2024, it employed over 110 experts.
Cybersecurity: strengthening digital resilience
Ada’s CSIRT (Cyber Security Incident Response Team) handled 31.170 alarms and 7340 security incidents in 2024, tackling threats like phishing and cyberattacks. It plays a key role in raising awareness, delivering training sessions, conducting simulation exercises, and blocking online threats. In 2024, CSIRT also expanded its cybersecurity services to external companies.
AI: powering innovation
Ada supports Proximus NXT and Codit in delivering AI-driven solutions across the Benelux, ensuring secure data integration and algorithm development. It also enhances Proximus Group’s operations and customer experience through AI advancements.
In partnership with Agoria, Proximus NXT affiliates Codit and Proximus Ada have co-developed AI-driven applications that streamline operations, improve productivity, and elevate member services. By automating internal processes and ensuring fast, intelligent access to information, these solutions create lasting value for Agoria’s 2,100+ members.
Customer service
Proximus leverages Generative AI to enhance its customer service, with Proximus Ada’s expertise driving its progress. Recent developments include customer support initiatives such as:
- FAQ search enhancement: improved information discovery in the Help Center, increasing customer satisfaction
- Proximus Digital Assistant upgrade: chatbot using Gen AI for more accurate responses, with 40 new AI feeds in development.
Societal Impact
Since August 2023 Proximus Ada’s cybersecurity experts have offered their expertise free of charge to Brussels’ Digital Public Spaces (DPS). In these places, the most vulnerable and least digitally equipped citizens can use computer equipment and attend IT initiations and cybersecurity training. And to improve knowledge and awareness, Ada’s data scientists run AI awareness sessions for high school students.
Data protection and sovereignty
Proximus drives technological leadership and innovation through strategic partnerships with hyperscalers such as Microsoft and Google, leveraging their technology and co-innovation to benefit Benelux companies.
Through partnerships with Microsoft and Google, Proximus brings two types of sovereign cloud to the market: Microsoft Encrypted Public Cloud and Google Distributed Cloud air-gapped.
These solutions enable customers to benefit from the flexibility and scalability of the public cloud, while making sure their data is processed in the most secure way.
Microsoft Encrypted Public Cloud
Proximus partnered with Microsoft to offer a first type of sovereign cloud solution. The key word here is encryption. More specifically, the data is held by Microsoft, but here the “standard” public cloud has strong encryption added, not only when storing the data, but also when the data travels across the network, even when it is in use. Proximus' new sovereign cloud solution combines the Microsoft Cloud for Sovereignty platform with technologies from Thales and Intel. By integrating these solutions, an unprecedented achievement in Europe, Proximus is adding a European encryption layer on top of Microsoft's technology, enabling it to move into the sovereign in the cloud category.
Google Distributed Cloud air-gapped
Through a partnership with Google Cloud, Proximus is further expanding its sovereign cloud services. This is a completely different approach to sovereign cloud. The data resides on a Google platform, managed by Proximus and hosted by partner LuxConnect. Such a sovereign cloud setup is disconnected from a public cloud and from the internet. The sensitive data and the management of the platform (control plane) are completely physically isolated and located within the territory of the European Union, providing a solution for governments and regulated companies, among others, both in terms of GDPR and geopolitics.
When choosing a type of sovereign cloud, organizations will have to make the trade-off based on the extent to which sensitive data needs to be protected. Proximus acts as an independent partner to help companies assess their needs and migrate to the appropriate sovereign cloud.
Exchanging knowledge and experiences is key for organizations to be cyber resilient
Swipe through the overview of our current partners.
The Belgian Cyber Security Coalition, of which we are a co-founder, is a collaboration platform of cyber security experts from the public and private sectors and the academic world. Over 200 key organisations have joined the Coalition since its start in 2015.
We cooperate closely with other European telecom operators through the ETIS platform where we serve as a treasurer and board member. We actively participate in the security working groups and preside over the SOC (Security Operations Center) group.
We work together with the European Network & Information Security Agency (ENISA) to better understand the evolution of regulations.
In order to stay up to date on new cyber threats, we also engage with NATO, Europol (Cyber Crime Center).
Our affiliate BICS actively participates in international industry bodies focused on fraud prevention, such as the i3Forum, Global System for Mobile Communications (GSMA), BEREC, MEF, etc. promoting pan-industry collaboration in the fight against fraud.
