Guest accounts a major threat to IT environments: report


By Dylan Bushell-Embling
Wednesday, 01 July, 2026

Guest accounts a major threat to IT environments: report

Instead of external threats, trust is the primary source of risk within modern IT environments, Kaseya’s 2026 SaaS Security Report indicates.

An analysis of more than 27.6 billion software-as-a-service (SaaS) security threats across over 5000 SMB environments found that unmanaged guest accounts now make up 69% of accounts in SaaS environments, significantly outnumbering licensed users. Persistent third party access is creating major security liabilities for SMBs, the report states, with the threat compounded by the rush to adopt AI. The research found that non-human service logins now account for 20% of critical security alerts.

In addition, 56% of monitored accounts lacked active multi-factor authentication (MFA), and only 27% of SMBs examined enforced organisation-wide MFA. This oversight is allowing attackers to silently exfiltrate data using guest accounts. Meanwhile, data leakage remains high in productivity environments. In Microsoft 365 for example, 45% of shared files were sent outside the organisation.

Finally, while 98.9% of security events monitored were classified as low severity, organisations still faced more than 278 million medium- and critical-severity alerts requiring investigation.

Kaseya Chief Product Officer Jim Lippie said today’s AI-emboldened threat actors see one interconnected attack environment, whereas most organisations defend their infrastructure in pieces.

“The most resilient organisations will be those that embrace continuous monitoring, identity governance and automated response as foundational requirements,” he said.

Kaseya is recommending that organisations seeking to address these threats transition from perimeter defences to an active, identity-first security posture, enforce organisation-wide MFA and continuously audit machine identities and external sharing permissions.

Image credit: iStock.com/amgun

Related News

Accenture to spend $6bn growing its OT security business

Accenture has arranged to acquire a majority stake in OT security company Dragos and complete two...

ACSC critical alert for Fortinet Firewalls and VPN Gateways

The Australian Cyber Security Centre has raised an alert that it is aware a widespread malicious...

Check Point and Illumio team up to counter AI threats

Check Point and Illumio have announced an expanded partnership aimed at helping organisations...


  • All content Copyright © 2026 Westwick-Farrow Pty Ltd