MN Risk Research
- Minnesota Business Technology & Email Security Snapshot
A public-signal review of 389 organization profiles, highlighting common DNS, email, vendor, and security-hardening patterns visible from outside the network.
Security Starter Pack
General Printables
Local Resoureces
Important Links
- Shared Assessments SIG
- NIST CSF 2.0
- NIST Cybersecurity Supply Chain Risk Management
- NIST SP 800-161 Rev. 1
- NIST SP 800-53 Rev. 5
- CISA Vendor Supply Chain Risk Management Template
- CIS Critical Security Controls
- ISO/IEC 27001
- AICPA SOC Suite of Services
- NIST Privacy Framework
- FTC Safeguards Rule
- HIPAA Security Rule
- PCI DSS
HR Security & Fake Worker Risk
Remote hiring, contractor onboarding, and outsourced technical work can create security risks that many organizations do not think of as cybersecurity issues. These resources cover fake employees, fraudulent remote IT workers, identity manipulation, overemployment, insider risk, and HR/security coordination.
FBI: North Korean IT Worker Threats to U.S. Businesses
Current FBI guidance on fraudulent remote IT workers, laptop farms, U.S.-based facilitators, and risks introduced through hiring and staffing workflows.FBI: North Korean IT Workers Conducting Data Extortion
Practical warning signs and controls for identity verification, onboarding, remote access monitoring, staffing firms, and suspicious applicant behavior.U.S. Government Advisory: DPRK IT Workers
Joint advisory covering how DPRK IT workers hide identity and location, red flags for hiring freelance developers, and sanctions-related risks.CISA: HR’s Role in Preventing Insider Threats
Fact sheet on how HR can help detect, deter, and mitigate insider threats through screening, reporting, offboarding, and behavioral awareness.Microsoft: Detecting Infiltrating IT Workers Across Cloud and Identities
Technical detection guidance for HR SaaS, identity systems, cloud apps, and post-hire monitoring of fraudulent remote worker activity.KPMG: Navigating the Rise of Fake Worker Fraud
Business-focused overview of fake worker schemes, including forged identities, deepfake video, laptop farms, payroll fraud, and mitigation controls.Ogletree: Overemployed Remote Workers
HR/legal overview of undisclosed multiple employment and policy considerations for remote work, conflicts of interest, and outside employment.
Stay informed with leading cybersecurity reports from trusted industry sources. These reports provide insight into current threats, attack trends, and practical defensive strategies.
Executive & Board-Level Reports
High-level insights focused on business risk, trends, and decision-making.
Verizon Data Breach Investigations Report (DBIR)
Industry-leading analysis of real-world breaches, attacker patterns, and what actually leads to compromise.Microsoft Digital Defense Report
Global view of cyber threats across identity, endpoints, and cloud from Microsoft’s vast telemetry.IBM X-Force Threat Intelligence Index
Executive-focused report covering attack trends, industry targeting, and risk drivers.Cloudflare Radar Year in Review
Internet-scale data on traffic patterns, AI adoption, DDoS attacks, and security trends.Akamai State of the Internet / Security Reports
Internet-scale threat research on web attacks, APIs, bots, DDoS, ransomware, and defensive actions.
Technical & Incident Response Focused
Detailed reports based on real incident response engagements and attacker behavior.
Palo Alto Unit 42 Incident Response Report
Deep dive into real breaches, attacker dwell time, and common entry points.Sophos Active Adversary Report
Practical breakdown of attacker techniques observed during incident response.Cisco Talos Year in Review
Threat research and operational insights from one of the largest threat intel teams.SANS Internet Storm Center
Ongoing analysis of emerging threats and global attack activity.Censys State of the Internet Report
Internet-wide research on adversary infrastructure, command-and-control services, exposed systems, and attacker operations.GreyNoise Mass Internet Exploitation Report
Data-driven look at large-scale scanning, exploitation patterns, and how attackers prioritize exposed vulnerabilities.
Threat Intelligence & Nation-State Activity
Focused on advanced threats, adversary behavior, and global threat actors.
CrowdStrike Global Threat Report
Insights into nation-state activity, eCrime trends, and adversary tradecraft.Google Threat Horizons Report
Cloud-focused threat intelligence and attacker behavior trends.Recorded Future Threat Intelligence Reports
Intelligence-driven analysis of geopolitical and cyber threats.Flashpoint Threat Intelligence Reports
Deep insights into cybercrime ecosystems and underground activity.
Specialized & Domain-Specific Reports
Focused on specific attack surfaces like email, DNS, OT, and vendors.
Fortinet Global Threat Landscape Report
Broad threat trends across network, endpoint, and operational technology environments.Fortinet State of OT Cybersecurity
Focused on industrial and operational technology risk.Proofpoint State of the Phish
Human-targeted threats including phishing, social engineering, and email risk.Mimecast State of Human Risk
Trends in email threats, insider risk, and collaboration platform exposure.Infoblox DNS Threat Landscape Report
DNS-based threats, command-and-control activity, and network-layer risks.NETSCOUT DDoS Threat Intelligence Report
Global DDoS activity across countries, industries, autonomous systems, attack vectors, and botnet behavior.Imperva Bad Bot Report
Annual analysis of automated internet traffic, malicious bots, credential stuffing, scraping, and API abuse.
Government & Public Sector Intelligence
Free, authoritative reports and advisories from government organizations.
ENISA Threat Landscape Report
European Union analysis of major cyber threats and trends.CISA Cybersecurity Advisories
U.S. government alerts on active threats, vulnerabilities, and mitigation guidance.
How to Use These Reports
Most businesses don’t need more tools—they need better prioritization.
These reports help you:
- Understand what attackers are actually doing today
- Identify which risks are most relevant to your business
- Prioritize security investments based on real-world data
- Align cybersecurity decisions with business impact
If you need help translating these insights into a practical security strategy,
reach out here.