From Gartner Security & Risk Management Summit 2015, Onapsis Announces Oil and Gas Companies at Risk from SAP Vulnerabilities

Share Article

Findings to be presented in webcast: Cyber-Attacks on SAP Systems: Securing the Oil and Gas Crown Jewels


The threat to oil and gas organizations from SAP vulnerabilities is very real and has the potential for broad reaching impact on the operations and economy driven by these critical providers

GARTNER Security & Risk Management Summit 2015 – Onapsis, the global experts in business-critical application security and SAP cyber-security solutions, today announced a new webcast “Cyber Attacks on SAP Systems: Securing the Oil and Gas Crown Jewels.” Originally presented at the Infragard Oil and Gas Special Interest Group May 19, 2015, the criticality of the threat to infrastructure was recognized by the Federal Bureau of Investigation (FBI) and further discussed in an in-depth, closed-door briefing at the conference. Now, key findings, risks and potential impact of security vulnerabilities will be made available to the industry at large via webcast.

Onapsis is a Silver Sponsor for the Gartner Security & Risk Management Summit 2015 June 8-11 and is exhibiting at booth number 1114. The company will be sharing details of their study of the top three attack vectors for SAP systems with clients at the booth.

Webcast details:
Cyber-Attacks on SAP Systems: Securing the Oil and Gas Crown Jewels
July 16, 2015 at 9:00 A.M. and 2:00 P.M. Eastern
For registration please see:

One hundred percent of Fortune 500 oil and gas companies are running SAP, many of them depending on SAP for critical business functions. In addition to a variety of financial, IT and human resources systems, SAP is used by oil and gas companies for digital oilfield operations, hydrocarbon supply chain and operation integrity. SAP is also included in mission critical applications for inspection, maintenance and repairs, potentially involving Internet of things (IoT) and mobile elements. These solutions, while critical to reducing backlogs and improving efficiencies, expose companies to additional risk.

“The threat to oil and gas organizations from SAP vulnerabilities is very real and has the potential for broad reaching impact on the operations and economy driven by these critical providers,” said Mariano Nunez, CEO and co-founder of Onapsis. “Oil and gas organizations must move beyond operating strategies based on myths and confusion about SAP security.”

Research finds that common threat actors include unethical competitors, disgruntled employees with internal access, hacktivists or foreign states. Onapsis Research Labs analyzed vulnerabilities to identify the three most commonly used approaches to hacking into business critical data hosted in SAP applications. The primary attack vectors focus on customer information and credit card breaches, customer and supplier portal attacks, and database warehousing attacks.

“Our research findings show the vast majority of SAP systems evaluated contained critical vulnerabilities that exposed them to espionage, sabotage and fraud cyber attacks and the trend is increasing with cloud-based solutions. SAP HANA has brought a 450% increase in new security patches and doubles the need for protection which mush be ensured both in the cloud and on end-user devices,” Nunez continued.

Oil and gas organizations running critical business process in SAP ERP solutions and SAP Portal solutions are urged to stay up to date with the latest SAP Security Notes, and to ensure their systems are configured properly in order to meet your and compliance requirements and strengthen security.

Onapsis will be initiating a roadshow in June, where attendees will learn how SAP is becoming a critical component of all security and internal audit best practices, hear presentations on SAP Security implementation strategies and key lessons learned, network with other security professionals, and establish contacts for future collaboration. For more information on road show locations, please visit

About the Gartner Security & Risk Management Summit 2015
The Gartner Security & Risk Management Summit 2015 is focused on managing risk and delivering security in a digital world. This summit will provide best practices and strategies to maintain cost-effective security and risk programs in order to support digital business and drive enterprise success. This year’s summit will offer insights on building resilience, delivering effective security and implementing targeted projections. Experts will provide information on how to embrace new approaches to digital business while maintaining proven control architecture that mitigates enterprise risk. For more information on the summit, please visit the website at

About Onapsis
Onapsis provides the most comprehensive solutions for securing business-critical applications. As the leading experts in SAP cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps targeting their enterprise applications.

Headquartered in Boston, MA., Onapsis serves over 160 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating SAP applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP systems. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA and SAP Mobile deployments.

For more information, please visit, or connect with us on Twitter, Google+, or LinkedIn.

Share article on socal media or email:

View article via:

Pdf Print

Contact Author

Leslie Kesselring
Kesselring Communications
+1 503-358-1012
Email >
since: 05/2008
Follow >