2025 has proven to be a real “wake up call” for SAP security, marked by critical zero-days, public exploits, a significant rise in sophisticated threat actor activity, and hundreds of global enterprises compromised after waves of targeted attacks that continue to this day. Security teams are struggling to keep pace – especially when it comes to unfamiliar, complex software such as SAP. These teams frequently lack the deep SAP threat insights and specialized exploit detection that today’s modern SAP attack landscape requires in order to effectively defend these mission-critical business systems.

This webinar will provide security professionals with an in-depth, educational look at both the latest tactics, techniques, and procedures used by threat actors to directly attack SAP, as well as the next-gen methodologies and tooling required to defend against them.

You will learn:

How Onapsis Defend and Microsoft Sentinel for SAP integrate together to help customers defend their critical systems against increasingly successful SAP cyberattacks
Key lessons from 2025’s most impactful SAP vulnerabilities, exploits, and breaches
The latest exploit detection, response automation, and AI capabilities your team should be leveraging to accelerate and optimize your SAP incident response

This on-demand webinar delves into the key findings from the SAPinsider Benchmark Research report, “The Technology Leader’s 2025 Agenda for SAP.” This session will break down the strategies and investments that technology leaders are prioritizing as they navigate the shift to SAP S/4HANA and the growing influence of AI.

In this session, we’ll cover:

Business Priorities: Discover the top business priorities for technology leaders in 2025, with a deep dive into why increasing process efficiency and building an AI strategy are at the top of the list.
Investment Trends: Understand where technology leaders are directing their budgets, including strategic investments in current and new AI technologies, SAP S/4HANA, and data warehousing platforms.
The Talent Gap: Learn about the most in-demand SAP-related skills and how companies are preparing their teams for the challenges of SAP S/4HANA migration and AI deployment.
Overcoming Challenges: Hear about the biggest roadblocks to AI deployment, such as a lack of clean data and security concerns, and learn how to address them responsibly.

Over 92% of organizations identify the data in their SAP systems as mission-critical or highly important. Yet, the cybersecurity landscape is more challenging than ever. Onapsis, in collaboration with SAPinsider, presents the findings of their latest research report, Cybersecurity Threats and Challenges to SAP Systems.

In this on-demand webinar, you’ll gain crucial insights into the evolving threat landscape, including why data exfiltration has become the number one concern for SAP systems. We’ll also cover the number one challenge organizations face: keeping up with security notes and patches.

In this webinar, you’ll learn:

The top cybersecurity threats to SAP systems in 2025, and how they’ve shifted.
Key drivers behind your cybersecurity strategy, from protecting sensitive data to keeping systems online.
The biggest challenges organizations face in securing SAP systems, and how to overcome them.
The cybersecurity investments and actions leading professionals are prioritizing.
Actionable strategies to mature your defenses and take control of your SAP landscape’s security today.
Watch now to gain crucial insights and actionable strategies for a more secure SAP environment.

The decision to migrate to SAP RISE represents a significant opportunity, but it also introduces a fundamental shift in how security is managed. A successful transformation hinges on a clear understanding of the SAP RISE shared responsibility model—who does what and when. A proactive approach to this model is critical for laying a strong foundation and avoiding costly issues down the line.

This session will cover:

The key security differences between your current on-premise environment and a future cloud-based model, and how the shared responsibility model redefines your role.
How to assess your existing security posture and align it with the responsibilities you will retain in the SAP RISE cloud.
Best practices for developing a robust pre-migration security strategy that leverages the shared responsibility framework to minimize risk.
A roadmap for protecting your data and systems by clearly defining your duties and those of SAP.
By the end of this session, you’ll have a clear understanding of the crucial steps your organization needs to take to prepare for and ensure a successful SAP RISE journey by effectively navigating the shared responsibility model.

In recent months, an unprecedented wave of SAP zero-day attacks exposed critical structural weaknesses in the security programs of hundreds of the world’s leading organizations—raising urgent questions about detection, response, and long-term resilience of their business-critical applications. And while this made major headlines, many business leaders are still scrambling to understand what happened, what this means for their organization, and how to be protected against future attacks.

Cybersecurity leaders from EclecticIQ, Mandiant, NightDragon, and Onapsis come together to unpack these threats—from initial discovery of in-the-wild SAP exploitation and dissection of the first-ever SAP zero-day, to coordinated disclosure, patching, and proactive defense strategies.

What you will learn?
You will gain an inside look at how advanced threat actors are targeting SAP applications, what threat intelligence reveals about ongoing exploitation campaigns, and why traditional defenses often fall short. You’ll also walk away with practical guidance on how to assess risk, accelerate remediation, and harden SAP environments against future zero-day threats.

Whether you’re a CISO, CIO, or business leader, this session will equip you with the insights and actions needed to protect your organization’s most critical systems.

Discover key insights, gain actionable advice, and empower your organization to navigate the cloud securely during this conversation with industry experts from Onapsis and Capgemini.

Join us for an educational conversation where we delve into the world of SAP security in the cloud. As enterprises increasingly migrate their SAP systems to the cloud, it becomes imperative to address the unique security challenges that arise in this new landscape. In this thought leadership session, our experts will share best practices, solutions and practical strategies for securing SAP in the cloud, including an update on the SAP threat landscape, the Shared Fate & Responsibility Model for SAP applications and best practices to ensure the integrity, confidentiality, and availability of critical business data. Discover key insights, gain actionable advice, and empower your organization to navigate the cloud securely while harnessing the full potential of SAP.

Evidence of active attacks against this vulnerability has been observed by ReliaQuest, Onapsis Threat Intelligence, and confirmed by multiple IR firms in recent active investigations.

SAP published an emergency security patch on April 24, 2025 to address this issue. The vulnerability is of critical severity (CVSS 10), and affects the SAP Visual Composer component of SAP Java systems, which is not enabled by default.

Critical Exploit Details:
Unauthenticated threat actors can exploit CVE-2025-31324.
Attackers can gain full control of vulnerable SAP systems.
Risks include unrestricted access to SAP business data and processes, ransomware deployment, and lateral movement.
Continued exploitation is expected against vulnerable internet-facing SAP Java systems.

SAP defenders were briefed on an active exploitation campaign targeting a critical CVSS 10.0 vulnerability (CVE-2025-31324). The attack campaign was executed against SAP systems around the world. Thanks to rapid response from SAP, a security patch was released quickly. However, the ongoing impact of this orchestrated attack campaign remains far-reaching and the threat of further potential exploitation of this vulnerability is still very much active.

In this episode of the SAPinsider Las Vegas 2025 podcast, host Robert Holland SAPInsider speaks with JP Perez-Etchegoyen, CTO and co-founder of Onapsis, and Gaurav Singh, Senior Cybersecurity Manager at Under Armour, about the growing importance of cybersecurity in SAP landscapes. The conversation centers around their newly released book, Cybersecurity for SAP, the first SAP Press book to bridge the gap between traditional SAP security and modern cybersecurity practices. Perez-Etchegoyen and Singh discuss key challenges SAP customers face—like increased landscape complexity, cloud transitions, and lingering myths that SAP systems behind firewalls are secure. They emphasize the critical need for collaboration between SAP and security teams, a shift in mindset toward proactive cybersecurity, and the adoption of risk-based strategies. The duo also highlights the importance of purposeful action, education, and building strong cybersecurity programs tailored to evolving SAP environments.

An Interview with Mariano Nunez of Onapsis. In this episode of the SAPinsider Las Vegas 2025 podcast, host Robert Holland SAPInsider speaks with Mariano Nunez, CEO and co-founder of Onapsis, about the evolving cybersecurity landscape for SAP customers. Nunez shares key challenges organizations face in securing SAP applications—especially during cloud migrations like RISE with SAP—highlighting the confusion around shared security responsibilities between SAP and its customers. He emphasizes the importance of visibility, automation, and expert guidance to build secure-by-design cloud environments and ensure compliance. The conversation also explores the surge in cyber threats targeting SAP systems, the growing role of AI in both offensive and defensive security strategies, and the critical need for specialized SAP cybersecurity expertise. Nunez encourages SAP professionals to expand their skills into cybersecurity, noting the career opportunities emerging at this intersection. He also discusses Onapsis’ unique role as a cybersecurity partner with an SAP-endorsed app and the value of people, processes, and partnerships in creating comprehensive security solutions.