With MFT use growing among manufacturers, new findings see critical cybersecurity gaps

Manufacturers use managed file transfer to swap large volumes of data with their suppliers, distributors and partners, allowing real-time tracking and visibility across their supply chains. But as one new cybersecurity report points out and a recent high-profile exploit of a popular MFT product shows, MFT is proving vulnerable.

A timeline: The vulnerability in Fortra’s GoAnywhere MFT product was discovered as early as Sept. 10 or Sept. 11 and the problem was listed on the U.S. Cybersecurity and Infrastructure Security Agency’s list of exploited vulnerabilities on Sept. 29.

The flaw was described with CISA as a “deserialization vulnerability” within the GoAnywhere license servlet, meaning attackers could perpetrate “command injection attacks,” allowing them to achieve remote code execution and compromise systems exposed to the internet. Fortra has since released patches and has urged its customers to perform updates immediately.

“The GoAnywhere zero-day is a wake-up call: Attackers exploit blind spots in MFT systems to gain admin access and move laterally,” said Frank Balonis, CISO and senior VP of operations for Kiteworks, which is out this week with its annual MFT survey report.

See also: Cybersecurity flaws found and fixed in widely used industrial network devices

Balonis added: “Kiteworks’ survey shows this isn’t isolated—organizations lacking governance maturity, advanced controls, and monitoring face substantially higher risk, now compounded by emerging AI threats. Mature governance transforms security outcomes, reducing incidents and third-party risk, and is essential for real protection.”

The MFT market: MFT software use is expanding, driven by the need for secure, reliable, and compliant data transfers for activities such as supply chain management, Electronic Data Interchange, and sharing large datasets.

This type of tool is bound to gain in popularity in manufacturers’ haste to shake up their supply chains in the Trump tariff economy and amid the focus on supply chain resilience.

See also: The inconvenient truth of Trump’s tariff plan on U.S. supply chains

According to QY research found on LinkedIn, the global MFT software market was valued at $1.4 billion last year and is projected to grow to $2.07 billion by 2031. Fortra is a major MFT vendor, as is Progress, IBM, Globalscape, Oracle, Cleo Communications, JSCAPE, Axway, and CData.

Kiteworks: Flaw threatened to allow attackers to establish backdoor admin accounts

Kiteworks, vendor of a data exchange platform designed to protect sensitive information by securing file sharing, email, and web forms among others, noted in its survey report that last month’s GoAnywhere exploit shows how attackers can exploit gaps in MFTs but also claimed the Fortra attack “shows that such incidents reflect systemic vulnerabilities across organizations: 59% of respondents reported MFT security incidents in the past year, despite investments in encryption and controls.”

Some of the Kitework’s survey’s other findings:

• Governance matters: Organizations with mature data governance have far fewer incidents, better audit logging, and stronger third-party risk management.
• Monitoring blind spots: 63% haven’t integrated MFT into SIEM/SOC systems, leaving critical file movements invisible to security teams.
• Encryption gaps: Only 42% encrypt data at rest; governance maturity cuts these gaps.
• Advanced security controls are rare: 73% don’t use content disarm and reconstruction (CDR); 67% lack attribute-based access control; 48% haven’t automated deprovisioning.
• AI risks compounding vulnerabilities: 26% in Kiteworks’ survey have experienced AI-related incidents, and 30% allow uncontrolled AI use with sensitive files.
• Risk miscalibration: Organizations rank patching and other critical controls as only “very important” rather than “extremely critical,” even as incidents occur.

"Private data exchange isn't about basic security anymore—it's about governance maturity and advanced threat protection," said Tim Freestone, chief strategy officer at Kiteworks.

See also: How agentic AI can be a 'force multiplier' in IT and OT cybersecurity

"Organizations check compliance boxes while missing fundamental governance. They can't tell you where sensitive files are stored, who accessed them last week, or how they move between systems. Without this visibility, even sophisticated security tools become expensive decorations."

The Kiteworks survey also identifies three critical failures that separate the 59% experiencing MFT incidents from the 39% who remain secure:

• Encryption gaps: Organizations obsess over encrypting data in motion (76% have end-to-end encryption) while ignoring data at rest. Only 42% protect stored data, leaving the majority vulnerable where attackers strike—in file storage, backups, and temporary directories.
• Visibility gaps: 63% of organizations haven’t connected their MFT systems to security monitoring. Their teams watch network traffic and endpoint activity while file transfers—often containing the most sensitive data—operate in darkness.
• Complexity gaps: 62% maintain separate systems for email security, file sharing, and web forms. This fragmentation doesn’t just waste resources; it creates the inconsistencies and blind spots that attackers can exploit.

Black Kite finds interconnected supply chains expose huge “attack surface”

Meanwhile, another report released this week, this one from Black Kite, a vendor of third-party risk management software, also dealt with the nuances of cybersecurity in supply chains.

Black Kite’s report, Why Your Supply Chain is Your Biggest Cyber Risk, reveals that manufacturing remains the No. 1 ransomware target for the fourth consecutive year.

The report also found that manufacturing ransomware attacks increased by 9% compared to 2024, “driven by rapid digital transformation and pervasive security vulnerabilities.”

A significant driver of the 9% ransomware increase is the supply chain, Black Kite found. Not only are larger enterprises a target, but new and smaller ransomware groups are targeting smaller contractors to gain a foothold in the larger manufacturing ecosystem.

Manufacturing's "greatest vulnerability isn't its own network—it's the massive, interconnected supply chain that keeps the business running,” Fehart Dikbiyik, chief research and intelligence officer at Black Kite, said in a release.

See also: New report sees surge in OT cybersecurity awareness among manufacturers

“As more manufacturers continue digital transformation in the years following COVID-19, their expanding supply chains create a larger attack surface. At the same time, the speed at which new vulnerabilities are introduced has left organizations struggling to patch critical exposures in a timely manner, increasing their ransomware susceptibility.”

He continued: “Our findings reveal that cybercriminals are not attacking indiscriminately; they are deliberately targeting this industry because they know its operational continuity is critical and any disruption can cause a cascading effect through global supply chains.”

More findings from Black Kite:

• Complex OT, global exposure, and intricate digital footprints, are attractive to well-resourced attackers.
• Among companies earning over $1 billion, manufacturing comprises a staggering 38.9% of ransomware victims. For those earning between $100 million and $300 million, manufacturing accounts for 30% of ransomware victims. Among companies earning less than $20 million, manufacturing is the second targeted at 17%.
• This strategy allows attackers to bypass the more robust defenses of large manufacturers by exploiting their less secure third-party suppliers.
• Cybercriminals are deliberately targeting manufacturing because its operational continuity is critical. This is particularly true for high-value targets, with manufacturing accounting for 38.9% of ransomware victims among companies earning over $1 billion.
• Vulnerabilities are pervasive in manufacturing, which has significant, easily exploitable weaknesses; 75% of manufacturing companies, for example, have critical vulnerabilities with a CVSS score of 8 or higher, and 65% have at least one vulnerability listed in CISA’s Known Exploited Vulnerabilities Catalog, meaning these weaknesses are already being exploited by threat actors.