59% of Organizations Experience MFT Breaches Due to Inadequate Security Measures

Key Takeaways:

  • 59% of organizations have reported Managed File Transfer (MFT) security incidents, largely due to governance and encryption shortfalls.
  • The GoAnywhere zero-day exploit laid bare serious vulnerabilities exploited by attackers to deploy ransomware.
  • Implementing robust governance and integrated security measures can significantly lessen breach risks and enhance visibility.

Recent data indicates that 59% of organizations encountered Managed File Transfer (MFT) security incidents over the past year, with many of these incidents stemming from fundamental, preventable issues. The Kiteworks 2025 report identifies critical factors such as inadequate encryption for data at rest, lack of Security Information and Event Management (SIEM) integration, and fragmented systems as primary contributors to this concerning trend.

One particularly alarming incident involved a zero-day vulnerability in GoAnywhere (CVE-2025-10035), a flaw in Fortra’s MFT software that enabled attackers to execute remote commands without authentication by exploiting a deserialization bug in the license servlet. Discovered in September 2025, this vulnerability was actively exploited prior to the release of patches. It allowed threat actors like the Medusa ransomware group to gain unauthorized access, establish backdoor accounts, and spread ransomware throughout affected networks.

Implications of Weak Governance and Fragmented Systems

According to findings in the Kiteworks report, organizations with advanced governance practices—such as regular access reviews and automated deprovisioning—experience markedly fewer security incidents. Such governance not only enhances audit logging but also strengthens third-party risk management, fostering a more resilient data environment.

However, the report also reveals that 63% of organizations have not integrated their MFT systems with SIEM/Security Operations Center (SOC) platforms. This lack of visibility means crucial file transfers occur outside the security team’s radar, creating exploitable blind spots for attackers.

While encryption for data in transit is common, only 42% of organizations utilize AES-256 encryption for data at rest, leaving stored files susceptible to breaches. Organizations with robust governance practices are more likely to effectively mitigate the risks associated with unprotected storage.

Shortcomings in Advanced Security Controls

The Kiteworks 2025 report highlights that 73% of organizations do not implement Content Disarm and Reconstruction (CDR) techniques, while 67% lack attribute-based access control (ABAC). Furthermore, nearly half of the organizations have yet to automate deprovisioning, resulting in excessive access permissions that can be exploited by malicious actors.

The threat landscape is evolving rapidly, with 26% of organizations reporting incidents related to AI misuse. Additionally, 30% allow sensitive files to interact with AI tools without adequate protections, increasing the risk of data leakage and compliance violations.

As Frank Balonis, CISO and SVP of Operations at Kiteworks, noted, “The GoAnywhere zero-day serves as a critical reminder: attackers exploit vulnerabilities in MFT systems to gain administrative access and move laterally within networks. Organizations without mature governance, advanced controls, and effective monitoring systems face significantly heightened risk, exacerbated by the rise in AI threats. Prioritizing mature governance is essential for enhancing security outcomes and minimizing incidents and third-party risks.”

Strategies for Enhancing MFT Security

For organizations seeking to bolster their MFT security posture, implementing AES-256 encryption for stored data is vital, particularly in sectors like government and healthcare, where compliance is paramount. Additionally, integrating MFT systems with monitoring platforms ensures real-time threat detection and response capabilities.

Consolidating fragmented architectures across email, file-sharing, and web forms into a unified platform can streamline policy enforcement, simplify audits, and reduce the attack surface. Administrators should also adopt regular access reviews, automated deprovisioning, and time-limited credentials to thwart insider threats and mitigate stale permissions.

Organizations should also establish rules and technical controls governing AI tool usage that involves sensitive files, and prioritize deploying CDR to neutralize hidden threats in shared documents. Finally, patching should be handled with urgency and treated as “very important” to reduce vulnerabilities.
