59% of Organizations Hit by MFT Security Incidents Amid Weak Encryption and Oversight

New Kiteworks report links rising MFT breaches to weak governance, poor encryption, and overlooked security integrations.

Key Takeaways:

  • 59% of organizations faced MFT security incidents due to basic governance and encryption gaps.
  • The GoAnywhere zero-day exploit exposed critical flaws attackers used to deploy ransomware.
  • Strong governance and unified security controls drastically cut breach risks and blind spots.

59% of organizations experienced managed file transfer (MFT) security incidents in the past year, with most resulting from basic, preventable gaps. The Kiteworks 2025 report reveals that failing to encrypt data at rest, lacking SIEM integration, and operating fragmented systems are the silent culprits behind this alarming breach rate.

The GoAnywhere zero-day vulnerability (CVE-2025-10035) was a critical flaw in Fortra’s Managed File Transfer (MFT) software that allowed attackers to execute remote commands without authentication by exploiting a deserialization bug in the license servlet. This flaw was first discovered in September 2025 and actively exploited before patches were released. The Medusa ransomware group and other threat actors used forged license response signatures to gain access, create backdoor admin accounts, and deploy ransomware across compromised networks.

Weak governance and fragmented systems amplify risks

According to the latest Kiteworks report, organizations with mature governance (such as regular access reviews, automated deprovisioning, and time-limited credentials) report significantly fewer security incidents. Strong governance also improves audit logging and third-party risk management, which creates a more resilient and accountable data environment.

This study also found that 63% of organizations haven’t integrated their MFT systems with SIEM/SOC platforms, which means that critical file transfers occur outside the view of security teams. This lack of visibility creates blind spots that attackers can exploit without triggering alerts or detection.

Additionally, most organizations encrypt data in transit, but only 42% secure data at rest using AES-256 encryption, which leaves stored files vulnerable. Organizations with stronger governance practices tend to close this gap more effectively to reduce breach risks connected to unprotected storage.

Advanced security controls still rare in most organizations

The Kiteworks 2025 report highlighted that 73% of organizations don’t use Content Disarm & Reconstruction (CDR), and 67% lack attribute-based access control (ABAC). Moreover, nearly half of organizations have yet to automate deprovisioning, which leaves excessive access permissions that attackers or insiders can exploit.

Furthermore, AI-related threats are growing fast, as 26% of organizations have already experienced incidents involving AI misuse, and 30% allow sensitive files to be used with AI tools without proper controls. This uncontrolled usage introduces new vectors for data leakage and compliance violations.

“The GoAnywhere zero-day is a wake-up call: attackers exploit blind spots in MFT systems to gain admin access and move laterally. Kiteworks’ survey shows this isn’t isolated — organizations lacking governance maturity, advanced controls, and monitoring face substantially higher risk, now compounded by emerging AI threats. Mature governance transforms security outcomes, reducing incidents and third-party risk, and is essential for real protection,” said Frank Balonis, CISO & SVP of Operations, Kiteworks.

What are the key recommendations for strengthening MFT security posture?

Organizations should implement AES-256 encryption for stored files to significantly reduce breach risk, especially in sectors like government and healthcare, where adoption is critically low. They should also connect MFT systems to monitoring platforms to ensure real-time threat detection and response.

It’s also recommended to consolidate fragmented architectures across email, file sharing, and web forms into a unified platform to improve policy enforcement, simplify audits, and reduce the attack surface. Administrators should also implement automated deprovisioning, conduct quarterly access reviews, and issue time-limited credentials to prevent insider threats and stale permissions.

Last but not least, organizations must implement policies and technical controls that restrict AI tool usage with sensitive files. Moreover, they should prioritize CDR deployment to strip hidden threats from shared files. Organizations are also advised to treat patching as “very important” rather than “extremely critical.”