
Content provided by Evan Kirstel. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Evan Kirstel or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

Securing Business-Critical Apps in the Cloud Era

19:50
 

Interested in being a guest? Email us at [email protected]

Cybersecurity for business-critical applications represents one of the most significant blind spots in enterprise security today. As Mariano Nunez, CEO and co-founder of Onapsis, reveals, sophisticated attackers are now targeting the crown jewels of organizations – their SAP, Oracle, and other mission-critical systems – with unprecedented success.
What makes these attacks particularly alarming is how they bypass traditional security controls. While most organizations focus on user access controls and segregation of duties, today's threat actors exploit vulnerabilities at the application layer without requiring any user credentials. As Mariano explains, "Attackers are exploiting and attacking the systems even without a user to begin with. It's a different paradigm." This fundamental shift coincides with the migration of formerly protected internal systems to cloud environments where they're increasingly exposed to external interfaces, AI integrations, and new business models.
The most sobering revelation comes from Mariano's disclosure of an unprecedented cyber campaign that began in January 2023. Chinese threat actors developed zero-day exploits for SAP systems, silently compromising hundreds of organizations worldwide, including critical infrastructure and government entities. Even after patches were released, many organizations found themselves in a troubling position: "It's almost as if you would unlock your front door and change the front door lock, but the thief is already in the basement." This represents the worst attack campaign against business applications in 15 years, highlighting the urgent need for specialized security approaches.
Onapsis differentiates itself by providing purpose-built protection for these critical systems, working in close partnership with vendors like SAP and Oracle while helping security teams manage risk even when immediate patching isn't possible due to downtime constraints. For organizations navigating digital transformation, the message is clear: generic security tools provide a dangerous false sense of security when it comes to your most valuable business applications.
Want to learn how your organization can protect its business-critical applications from sophisticated attacks? Listen to the full conversation and discover why traditional security approaches are failing to address these emerging threats.

Support the show

More at https://linktr.ee/EvanKirstel


Chapters

1. Introduction to Onapsis and Mission (00:00:00)

2. Common ERP Security Threats (00:01:54)

3. Recent Chinese Threat Actor Campaign (00:03:28)

4. Managing Legacy Systems Security (00:09:11)

5. Vendor Partnerships and Customer Solutions (00:11:27)

6. Future of ERP Security and Events (00:16:01)

450 episodes
