Merry AppsMas from Onapsis!

At Onapsis, we are on a mission to protect the applications that power the global economy — specifically, the business-critical SAP, Oracle, Salesforce, and cloud apps at the core of your organization. This December, we’re bringing you a new holiday tradition: The 12 Days of AppsMas. Welcome!

Over the next few weeks, we’ll be sharing twelve blogs that cover best practices for protecting yourself and your organization against cyberattacks this holiday season, a look back at the cybersecurity trends that typified 2021, and predictions for the new year to help inform your 2022 security strategy. Over the course of the month, you’ll hear customer case studies, threat intelligence findings from The Onapsis Research Labs, insights from Onapsis product teams, and executive perspectives. 

Let’s kick it off today with a level set on the state of business-application security and key resources for your consideration, specific to where your organization is on its journey to securing your business-critical applications. 

It’s been quite the year for business-critical application security. We saw a record number of ransomware and cyberattacks on organizations across the globe. From manufacturing to healthcare to utilities — no industry was immune. The impact has been substantial and far reaching, disrupting global services and supply chains.

Increasingly, the application layer is the primary target for these cyber criminals. SAP & Onapsis found conclusive evidence of a sophisticated category of attackers who target and exploit unsecured business-critical SAP applications. These attacks are not only brute-force attempts made directly against the application. Some chain multiple vulnerabilities together in order to target specific applications and gain access to the operating system.

And most recently, the Biden administration issued Binding Operational Directive 22-01 requiring urgent and prioritized remediation of known exploited vulnerabilities in the software and hardware of federal information systems. With this directive, the Biden Administration has officially recognized that software and application vulnerabilities present a huge risk to the integrity of information systems and the security of the nation. 

Raising awareness for existing application security gaps and enabling global businesses to better protect themselves, their employees, and their customers has been our charter for over a decade. Below, you’ll find a curated list of resources, threat intelligence, and executive insights to inform your business-critical application security strategy.

Still coming up to speed on the risk posed by unprotected business-critical applications? Start here:

Ready to dig into threat intelligence and research about the current threat landscape? Check out the below:

Looking for perspective on recent federal statements and directives? Read the below:

What to learn more about who we are? Take a look through these resources:

On deck for tomorrow? A checklist for holiday cybersecurity readiness.

Keep up with the 12 Days of AppsMas by following us on LinkedIn and subscribing to our blog.


Some of 2021’s AppsMas Blogs: