Cyber Hygiene Education at Budapest Stock Exchange

by Daniel Remarc Bognar 2025.09.27

I was asked from the Stock Exchange Mentor program to give a Cyber Hygiene education to company owners.

Last week I had the opportunity to give a joint presentation together with Béki-Nagy Bertalan, CISO of Egis Global Pharmaceutical, about cyber hygiene and cyber awareness for company owners and executives.The goal was simple — and intentionally uncomfortable:

To show that cybersecurity is not an IT problem, but a business survival issue.

The invisible war you are already part of

nder the surface of our calm, everyday business operations, a continuous, invisible war is taking place.State-sponsored actors, organized cybercriminal groups and politically motivated attackers are constantly active — whether you notice them or not.

Most companies only realize this after an incident.

Cybercrime today would rank as the world’s third-largest economy.The reason is simple:

• entry barriers are low

• tools and knowledge can be bought

• the potential revenue is massive

• the risk of getting caught is minimal

This is not chaos.It is a highly optimized business model.

Why this is not an IT problem

One of the most important messages of the session was this:

The real target is always the company itself:

• operations

• reputation

• customer trust

• revenue

• leadership credibility

From a board-level perspective, cyber risk sits next to financial, strategic and operational risks.Ignoring it doesn’t make it smaller — it only makes it unmanaged.

Cyberattacks work like bank robberies

We compared modern cyberattacks to classic bank robberies:

• reconnaissance

• social engineering

• lateral movement

• extraction of value

The difference is that today this happens digitally, silently, often over weeks or months — and usually without visible alarms until it’s too late.

Recent high-profile cases (ransomware, supply-chain attacks, zero-click exploits, zero-day vulnerabilities) show that size and industry no longer matter

Why defending is getting harder

We also spoke openly about today’s challenges:

• AI is a double-edged sword — it helps defenders, but massively scales attacks

• Supply chains mean you are only as secure as your weakest partner

• Zero-day vulnerabilities cannot be “patched away” in advance

• Social engineering works because companies are made of people

There is no silver bullet.There never was.

Fortunately Zscaler makes this easier.

Cyber hygiene: boring, unsexy — and extremely effective

The good news:Effective defense is not necessarily expensive.

Basic cyber hygiene still stops a shocking number of attacks:

• proper backups

• multi-factor authentication

• endpoint protection

• visibility into what is actually happening

• clear incident response scenarios

Security is not a box you buy, but a process you operate.

Companies that do this well share common traits:

• leadership involvement

• clear responsibility

• realistic expectations toward IT and suppliers

• regular awareness and education

• tested business continuity plans

Cyber defense should be treated like insurance:you hope you never need it — but you cannot afford not to have it.

Check out Hoxhunt for more

People, process, technology — in balance

The closing message of the presentation was not about tools.

The best results come when companies find the right balance between:

• people (awareness and responsibility)

• technology (real value, not buzzwords)

• processes (simple, tested, usable under stress)

Cybersecurity maturity is not about perfection.It’s about being prepared enough to survive the day when something goes wrong.

Because one thing is certain:

We have a saying at Nextrust, in cyber defense is like running away from a bear, you don't need to run faster than the grizzly, but faster than you peers. If you have basic cyber hygiene invest in a well choosen Zero Trust Architecture, you will be ahead of 90% of the other companies.