According to a new Ponemon study, weak file protections now account for several cybersecurity incidents a year for many organizations.
Unsafe file-sharing practices, malicious vendor files, weak access controls, and obscured file activity are largely to blame. File Integrity Monitoring (FIM) could be the solution.
Are Files Safe in Transit? More Than Half Unsure
You know something’s wrong when more people feel better about downloading files from unknown sources than they do about file uploads or transfers. Over 50% were unsure if files sent via email, transferred via third parties, or otherwise uploaded were actually secure.
That’s too bad, because files at rest (at least on-premises) didn’t receive high safety marks either: when it came to non-cloud databases like NAS and SharePoint, those traditional types of storage hubs were deemed the most likely to expose sensitive files. Files that could be downloaded from SaaS applications also presented a high risk.
The dangers of file transfers are understandably worrisome; infected files could spread malware, sensitive files could be sent to the wrong hands, and outdated file transfer protocols could result in compromised software and ultimate loss of data, IP, and customer trust.
60% Can’t Address File-Based Threats in Less Than a Week
Weak internal file security becomes a real problem once you consider the external attacks that are targeting your files.
According to the report, the top file-targeting threats are:
- Macro-based malware: Malicious code, hidden within document macros like Visual Basic for Applications (VBA) scripts, executes automatically upon opening an infected Word document or Excel spreadsheet.
- Zero days: These previously unknown malware types leave nothing behind for detection tools to catch, and many evade detection by using living-off-the-land techniques that further hide their trail.
These attacks outrun patches and outsmart traditional defenses. Given their nature, it makes sense that 60% of all respondents claimed it would take them a week or more to respond to file-based threats.
Unfortunately, this is more than enough time for attackers to make their move. The mean-time-to-exploit now hovers at around five days (down from 32), putting sensitive files that live behind those hidden weaknesses at serious risk.
As Always, AI Can Help
We won’t be surprised to see AI making its way into the security response, given the power and speed of file-based attacks. One third of respondents are already using it to secure their files, another third are planning on it, and the consensus overall is that it does what it does everywhere: it reduces costs, improves efficiency, and allows teams to combat risks at scale.
But how about protecting files from AI? In the 2025 Oh, Behave! report, a shocking 40% of all respondents admitted to dumping sensitive company data into AI models (without telling their employers, no less). This type of behavior puts key artifacts into the hands of anyone with the right prompts.
Interacting with AI chatbots garners a similar level of concern. Nearly 75% of consumers fear for their data privacy when interacting with bots, a recent survey noted.
That’s why organizations using AI workloads report leveraging AI guardrails and prompt security solutions, as well as checking for malware and masking important information.
Real-Time Protection with File Integrity Monitoring (FIM)
The way to catch file-based attacks in the act is to note any changes to files as soon as they occur. However, even that is just a start.
Fortra’s File Integrity Monitoring (FIM) uses automation to determine:
- Who accessed the file.
- What was done with the file.
- When file changes were made.
It goes beyond change logging alone: organizations today need more than additional information; they need a streamlined way to use it. This means tools with the ability to operationalize change data and turn it into an actionable response.
Which is exactly what Fortra’s FIM does. After discovering real-time file changes, Fortra FIM again leverages scripted automation to remediate the ones that go against policy and put the files (and their data) at risk, including validating the outcome of any remediation automatically. This helps preserve data privacy and compliance while reducing the time it takes to fix file-based mistakes. It also ensures that you have an audit trail, not just for the changes that take place, but also for the remediation steps taken in response.
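The detect, remediate, validate, and audit loop described above can be sketched in a few lines. This is an added illustration, not Fortra's product code; the directory names, the known-good "golden" copy, and the policy (anything that differs from the approved baseline is reverted) are assumptions made for the example, and it compares on demand rather than in real time.

```python
import hashlib, shutil, tempfile, time
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def snapshot(root):
    """Map relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256(p)
            for p in root.rglob("*") if p.is_file()}

def diff(baseline, current):
    """Classify drift from the approved baseline as added/modified/deleted."""
    events = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            events.append((rel, "deleted"))
        elif rel not in baseline:
            events.append((rel, "added"))
        elif baseline[rel] != current[rel]:
            events.append((rel, "modified"))
    return events

def remediate(root, golden, baseline):
    """Revert each drifted file, re-hash to validate, and log what and when."""
    audit = []
    for rel, change in diff(baseline, snapshot(root)):
        target = Path(root) / rel
        if change == "added":            # not in baseline: remove it
            target.unlink()
            ok = not target.exists()
        else:                            # restore from the known-good copy
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(Path(golden) / rel, target)
            ok = sha256(target) == baseline[rel]
        audit.append({"when": time.time(), "file": rel, "what": change, "validated": ok})
    return audit

def demo():
    """Constructed sample: two approved files, then three kinds of drift."""
    with tempfile.TemporaryDirectory() as tmp:
        live, golden = Path(tmp, "live"), Path(tmp, "golden")
        live.mkdir()
        (live / "app.conf").write_text("tls=on\n")
        (live / "users.csv").write_text("id,name\n1,alice\n")
        shutil.copytree(live, golden)
        baseline = snapshot(live)
        (live / "app.conf").write_text("tls=off\n")     # modified
        (live / "users.csv").unlink()                   # deleted
        (live / "unexpected.bin").write_bytes(b"\x00")  # added
        audit = remediate(live, golden, baseline)
        return audit, snapshot(live) == baseline
```

Hash comparison answers "what" and "when" only; attributing "who" requires the operating system's own audit events, which this sketch does not collect.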
Whilst File Integrity Monitoring gives an option for keeping on top of what's changing within the organisation, it's still worth bolstering your protection with useful tools like MFT. Restricting what can change on your network is useful, but keeping it on your network can be just as important, and GoAnywhere provides a useful way to empower employees to share important files safely across the borders of your network monitoring.
It not only helps in preventing attacks; it helps in reporting, which is a huge lever for justifying more file security measures in the future—and passing audits now.
Says EdFinancial Services of their experience using Fortra, “Now, instead of spending as many as 28 man-days over a year providing manual proof of change control...we now spend about an hour per audit answering questions about our change processes. That's a reduction of nearly 90%!”
Final Thoughts
Keeping track of files at scale is hard and will only get harder. As environments grow more distributed and data increasingly needs to cross boundaries, organizations are opening themselves up to risk, whether they send it, store it, or ignore it.
A file integrity monitoring solution that recognizes changes is not unique, but one like Fortra’s that goes beyond notifications to empower action is.
Fortra's File Integrity Manager
Fortra's File Integrity Manager has taken FIM far beyond basic change auditing alone. It not only collects highly detailed change data in real-time; it also adds change intelligence and automated remediation and then integrates this data with the other critical security controls provided by Fortra solutions.