Merry AppsMas from Onapsis!

At Onapsis, we are on a mission to protect the applications that power the global economy — specifically, the business-critical SAP, Oracle, Salesforce, and cloud apps at the core of your organization. This December, we’re bringing you a new holiday tradition: The 12 Days of AppsMas. Welcome!

Over the next few weeks, we’ll be sharing twelve blogs that cover best practices for protecting yourself and your organization against cyberattacks this holiday season, a look back at the cybersecurity trends that typified 2021, and predictions for the new year to help inform your 2022 security strategy. Over the course of the month, you’ll hear customer case studies, threat intelligence findings from The Onapsis Research Labs, insights from Onapsis product teams, and executive perspectives. 

Let’s kick it off today with a level set on the state of business-application security and key resources for your consideration, specific to where your organization is on its journey to securing your business-critical applications. 

It’s been quite the year for business-critical application security. We saw a record number of ransomware and cyberattacks on organizations across the globe. From manufacturing to healthcare to utilities — no industry was immune. The impact has been substantial and far reaching, disrupting global services and supply chains.

Increasingly, the application layer is the primary target for these cyber criminals. SAP & Onapsis found conclusive evidence of a sophisticated category of attackers who target and exploit unsecured business-critical SAP applications. These attacks are not only brute-force attempts made directly against the application. Some chain multiple vulnerabilities together in order to target specific applications and gain access to the operating system.

And most recently, the Biden administration issued Binding Operational Directive 22-01 requiring urgent and prioritized remediation of known exploited vulnerabilities in the software and hardware of federal information systems. With this directive, the Biden Administration has officially recognized that software and application vulnerabilities present a huge risk to the integrity of information systems and the security of the nation. 

Raising awareness for existing application security gaps and enabling global businesses to better protect themselves, their employees, and their customers has been our charter for over a decade. Below, you’ll find a curated list of resources, threat intelligence, and executive insights to inform your business-critical application security strategy.

Still coming up to speed on the risk posed by unprotected business-critical applications? Start here:

• Over ten new on-demand webinars on topics ranging from protecting your SAP applications from ransomware to compliance tips for Salesforce
• A new whitepaper on the need for a risk-based vulnerability management solution specifically for your business-critical applications 
• Migrate to S/4HANA with security at top of mind with our ebook, DevSecOps for S/4HANA Migrations for Dummies

Ready to dig into threat intelligence and research about the current threat landscape? Check out the below:

• 12 SAP Patch Tuesdays analysis blogs
• A joint SAP and Onapsis threat intelligence report on active cyberattacks on SAP applications and actions to take to defend your business
• A joint SAP and Onapsis report on today’s ransomware landscape and steps to take to protect your organization

Looking for perspective on recent federal statements and directives? Read the below:

• CEO insights on the Executive Order on Improving the Nation’s Security 
• CEO perspective on CISA Binding Operational Directive 22-01 
• Onapsis Research Labs guide to CISA BOD 22-01, remediation guidance for the SAP vulnerabilities in CISA’s catalog
• CEO response to the DHS’s Transportation Security Administration’s cybersecurity initiatives

What to learn more about who we are? Take a look through these resources:

• CEO Mariano Nunez shares his journey to Onapsis and the strategies and techniques he used to overcome challenges with Authority Magazine
• Supported over a dozen charities worldwide through our Onapsis Cares program
• Celebrated our twelve-year Ona-versary with a reset day 
• Selected as the ‘Vulnerability Management Solution of the Year’ by CyberSecurity Breakthrough
• Recognized among the fastest growing private companies in the U.S. by Inc. Magazine
• Meet eight new team members in our Meet the Ona series

On deck for tomorrow? A checklist for holiday cybersecurity readiness.

Keep up with the 12 Days of AppsMas by following us on LinkedIn and subscribing to our blog.

 

Some of 2021’s AppsMas Blogs:

• 10 Steps to Protect SAP Applications From Ransomware 
• SAP Security: 4 Steps to Respond to a Ransomware Attack
• Don’t Let A Cyberattack Ruin Your Holiday: Tips for Business Leaders
• Why Your Organization Needs an ERP Security Strategy in 2022
• What Does ‘The Great Reshuffle’ Mean for Your Company’s Business-Critical HCM Application Security?