Guardz Warns MSPs of Cloud Ransomware and BEC Risks

Today, cybersecurity firm Guardz released its 2026 State of MSP Threat Report, a deep dive into how Artificial Intelligence and identity-first attacks have completely flipped the script for MSPs and the small businesses they protect. 

The report reveals that AI has officially killed the obvious phishing email. Gone are the days of spotting a scam by its bad grammar. Today’s threats are contextually perfect and personalized at a scale we haven’t seen before.

The numbers are startling: roughly 31% of users now deal with compromised passwords every single month. Attackers aren’t just guessing; they’re using AI to optimize password lists based on your specific habits and regional languages. 

The high cost of BEC incidents

The financial stakes have never been higher. The report analyzed confirmed Business Email Compromise (BEC) incidents this year that cost businesses between $140,000 and $1.5 million.

Meanwhile, ransomware hasn’t gone away; it’s just gotten smarter. Behavioral detections for ransomware surged by 190% over the past 50 days. 

Rather than using loud malware that triggers traditional alarms, attackers are “living off the land,” using legitimate IT tools like Remote Management (RMM) software to move through networks undetected. 

According to the report, 26% of endpoint threats now involve the abuse of RMM tools.

“What stands out in this data isn’t any single attack vector. It’s how identity, email, endpoint, and cloud signals are chaining together into multi-stage campaigns that move faster than traditional detection models were designed to handle,” Elli Shlomo, head of security research at Guardz, noted in the report.

The rise of machine users in SMB environments

While we focus on protecting human employees, a massive invisible attack surface has emerged: Non-Human Identities (NHIs). These are the service principals, API keys, and automated bots that run modern cloud businesses.

The Guardz research team found that these non-human identities now outnumber humans by a ratio of 25:1. 

Because these bots authenticate continuously and often operate with “elevated privileges and limited security oversight,” they have become a prime target for hackers seeking a persistent, stealthy way to remain inside a network.

Looking ahead to H2 2026: early predictions show cloud-based ransomware on the rise

The report concludes with a warning for the second half of the year. Experts predict that:

• Session hijacking will overtake password theft as the primary way hackers gain access to cloud accounts.
• Ransomware will move to the cloud, specifically targeting SharePoint and OneDrive files instead of just locking up computers.
• Google Workspace will see a spike in attacks as hackers realize many organizations have weaker security controls there compared to Microsoft 365.

“We’re building agentic security systems using the most advanced AI available. So are the attackers. The toolsets are converging, and the gap between defense and offense is narrowing faster than most people realize,” warns Doni Brass, SVP Product Strategy at Guardz.

Logically CEO Joshua Skeens joined Channel Insider: Partner POV to share his perspective on security trends and how they impact MSPs serving businesses of all sizes.

What MSPs need to know as they work with SMB clients in 2026

For MSPs, the data is yet another warning that SMB security is a high-stakes venture. 

As identity security expands alongside the attack surface, MSPs can build credibility as trusted advisors by proactively addressing their customers’ security concerns.

“Threat data shows that entry points haven’t changed; attackers are still getting in through identity gaps, weak controls, and misconfigurations, just faster and at greater scale. What determines outcomes now is how security is structured, whether signals across identity, email, endpoints, and cloud are connected and can be acted on in time,” said Dor Eisner, CEO and Co-founder of Guardz. 

“For MSPs, that means leveraging AI the same way attackers are, at scale, across every client environment, simultaneously. Our research shows AI-driven detection achieves 92.4% accuracy compared to 67% for human analysts alone. That gap is where MSPs either win or lose their clients’ trust,” Eisner continued.