Cybersecurity Awareness Month: Onapsis’s Mission to Protect Business-Critical Applications

This month marks CISA’s 18th Cybersecurity Awareness Month, a joint effort between the government and public to raise awareness of the importance of cybersecurity. This year, it feels more relevant than ever, in light of the volume of high-profile cyber attacks and the emerging federal legislature dedicated to improving the nation’s cybersecurity. As a cybersecurity company, the exposure and education that this month drives resonates. Raising awareness for existing application security gaps and enabling global businesses to better protect themselves, their employees, and their customers, is our mission.  

Onapsis was founded over a decade ago when we realized that the world’s most critical enterprise resources were being overlooked. Business-critical applications from corporations like SAP, Oracle, and Salesforce help run your organization—supporting financial systems, human capital management, supply chains, supplier relationships, and more. These applications are at the center of the global economy, used by 92% of the Global 2000 and touching 77% of the world’s revenue. 

Despite their importance, these applications have been neglected by most of the security community. They fall outside the scope of most traditional and holistic security solutions.

Did you know?

  • In the last two years, 64% of ERP systems have been breached 
  • Over the past 5 years, there have been five US-CERT alerts on malicious cyber activity or vulnerabilities in SAP
  • According to a Ponemon Institute report, almost two-thirds of organizations have a backlog of security vulnerabilities
  • 70% of organizations say their application portfolio has become more vulnerable in the past year

Over the last 12 years, Onapsis has been dedicated to solving these cybersecurity concerns. The Onapsis Research Labs has identified hundreds of vulnerabilities and emerging, novel threats to critical enterprise systems and confirmed that many of the decade’s largest breaches can be traced back to vulnerabilities in business applications. To date, this team of white-hat hackers has discovered 800+ zero-day vulnerabilities in mission-critical applications and supported 5 U.S. Department of Homeland Security alerts.

To kick off Cybersecurity Awareness Month, we’ve rounded up some noteworthy cybersecurity reports from the Onapsis Research Labs team to help you better protect your business-critical applications:

RECON Vulnerability
The Onapsis Research Labs and SAP worked together in late 2020 to uncover and mitigate the serious RECON vulnerability. The RECON vulnerability affects a default component present in every SAP application running the SAP NetWeaver Java technology stack. This technical component is used in many SAP business solutions, and a successful exploit could give an unauthenticated attacker full access to the affected SAP system.

Active Cyberattacks on Business-Critical SAP Applications
In April 2021, we released new threat intelligence and the first public report from Onapsis Threat Intelligence Cloud. Not only has the threat landscape grown in recent years, but threat actors have gotten more sophisticated using well-known exploits and the window for defenders has gotten increasingly smaller.

Monthly SAP Security Notes
Onapsis Research Labs regularly contributes to SAP Security Notes and releases our analysis every Patch Tuesday.

Learn more about how to protect your family and your organization at www.cisa.gov/cybersecurity-awareness-month.