A revealing discussion between Under Armour and Onapsis experts highlights critical ERP vulnerabilities in SAP systems that demand immediate enterprise-wide cybersecurity attention.
NEW YORK—A chilling disclosure from Under Armour’s cybersecurity unit and application defense firm Onapsis has jolted corporate leaders: SAP systems—the digital skeleton of global enterprises—are riddled with unpatched vulnerabilities that hackers actively exploit to sabotage operations, steal finances, and paralyze supply chains. During a closed-door briefing leaked to the press, experts painted a nightmare scenario: attackers lurk undetected for months in SAP environments, manipulating purchase orders, rerouting shipments, or siphoning sensitive employee data—all while companies mistake the breach for “glitches.” One cited example? A European automaker faced $200M in losses after attackers silently altered inventory codes, halting assembly lines.
Unlike splashy ransomware attacks, SAP intrusions are stealth warfare. Hackers target known flaws in outdated modules—like decades-old SAP GUI interfaces still used in manufacturing—or exploit misconfigured cloud integrations. Onapsis revealed 68% of SAP systems run vulnerable Java code, while 40% lack encryption for critical financial transactions. “It’s not if, but when,” warned an Under Armour exec, noting their own SAP overhaul took 18 months. “These systems weren’t built for today’s threat landscape.” The core crisis? Patching SAP is like open-heart surgery. Downtime terrifies CFOs, so critical updates get deferred—sometimes for years. Meanwhile, SAP’s labyrinthine architecture hides backdoors. Onapsis disclosed one client found 1,400+ undocumented users in their system, including dormant “superadmin” accounts from merged subsidiaries.
The fix isn’t more firewalls, experts argue. It’s SAP-specific defenses: Zero-Trust Access (treat every SAP transaction as hostile until verified), Compromise Assessments (hunt for adversaries already inside), and Automated Patching (use AI to simulate updates before deployment). For industries like pharma and aerospace—where SAP glitches can derail FDA submissions or jet production—the stakes are existential. “This isn’t IT’s problem,” growled a Fortune 500 CISO. “It’s the entire company’s survival.” As boards scramble for solutions, one truth emerges: SAP isn’t software. It’s the central nervous system of modern business—and it’s under attack.