Guest accounts a major threat to IT environments: report
Instead of external threats, trust is the primary source of risk within modern IT environments, Kaseya’s 2026 SaaS Security Report indicates.
An analysis of more than 27.6 billion software-as-a-service (SaaS) security threats across over 5000 SMB environments found that unmanaged guest accounts now make up 69% of accounts in SaaS environments, significantly outnumbering licensed users. Persistent third party access is creating major security liabilities for SMBs, the report states, with the threat compounded by the rush to adopt AI. The research found that non-human service logins now account for 20% of critical security alerts.
In addition, 56% of monitored accounts lacked active multi-factor authentication (MFA), and only 27% of SMBs examined enforced organisation-wide MFA. This oversight is allowing attackers to silently exfiltrate data using guest accounts. Meanwhile, data leakage remains high in productivity environments. In Microsoft 365 for example, 45% of shared files were sent outside the organisation.
Finally, while 98.9% of security events monitored were classified as low severity, organisations still faced more than 278 million medium- and critical-severity alerts requiring investigation.
Kaseya Chief Product Officer Jim Lippie said today’s AI-emboldened threat actors see one interconnected attack environment, whereas most organisations defend their infrastructure in pieces.
“The most resilient organisations will be those that embrace continuous monitoring, identity governance and automated response as foundational requirements,” he said.
Kaseya is recommending that organisations seeking to address these threats transition from perimeter defences to an active, identity-first security posture, enforce organisation-wide MFA and continuously audit machine identities and external sharing permissions.
Accenture to spend $6bn growing its OT security business
Accenture has arranged to acquire a majority stake in OT security company Dragos and complete two...
ACSC critical alert for Fortinet Firewalls and VPN Gateways
The Australian Cyber Security Centre has raised an alert that it is aware a widespread malicious...
Check Point and Illumio team up to counter AI threats
Check Point and Illumio have announced an expanded partnership aimed at helping organisations...
