
Martin Hořický
Cyber Intelligence Services represent a systematic approach to identifying, analysing and evaluating threats that may impact an organisation, its employees, clients or business partners. The objective is not merely to collect information, but primarily to contextualise it and transform it into actionable insights supporting cyber risk management and strategic decision-making.
For regulated entities, particularly within the financial sector, OSINT and Threat Intelligence services are becoming a key component of compliance with European regulations such as DORA and NIS2, which emphasise continuous threat monitoring, early risk detection and the ability to respond to emerging attacks.
A reactive approach to security is no longer sufficient. Organisations must be able to identify threats before they materialise.

| Benefit | Description |
|---|---|
| Early threat identification | Monitoring of the dark web, hacker forums, data leaks and preparations for targeted attacks. |
| Reputation protection | Detection of fake domains, phishing campaigns and brand abuse. |
| Visibility of data leaks | Identification of compromised credentials of employees or clients. |
| Risk management support | Analysis of threats relevant to a specific sector or geography. |
| Strategic decision-making | Contextualised information for executive management and security teams. |

OSINT (Open Source Intelligence) focuses on the systematic search and analysis of publicly available information. This typically includes mapping the organisation’s digital footprint, identifying exposed assets, data leaks, brand mentions or information available across the open and deep web.
Threat Intelligence (TI) represents a broader analytical framework combining data from OSINT, specialised sources, technical indicators of compromise (IOC) and knowledge of attacker tactics and techniques (e.g. MITRE ATT&CK). The goal is not only to gather information, but to evaluate it in the context of a specific organisation and translate it into concrete security measures.
In simple terms: OSINT answers the question “What is visible about us?”, while Threat Intelligence addresses “Which threats are realistically relevant to us and how should we respond?”
DORA and NIS2 emphasise that threat analysis must be conducted by qualified professionals with sufficient expertise and independence:
Cyber Intelligence Services form a natural foundation for the effective delivery of offensive security services such as TLPT, Red Teaming and penetration testing. Information gathered on current threats, attacker tactics and techniques (TTP), identified vulnerabilities and exposed assets enables testing to focus on realistic and relevant scenarios rather than generic attack models.
Threat Intelligence inputs can be used to define realistic attack scenarios within TLPT engagements, prepare infrastructure and techniques for Red Team exercises, or prioritise focus areas within penetration testing. This approach connects a strategic understanding of the threat landscape with practical verification of organisational resilience. The integrated model ensures that security testing reflects the organisation’s actual risk environment and delivers higher value from both a regulatory and ICT risk management perspective.
The DORA regulatory framework emphasises systematic ICT risk management, which includes continuous monitoring and evaluation of cyber threats. Key requirements include:
- Establishment of a continuous monitoring process for cyber threats and vulnerabilities.
- Assessment of the relevance of threats to specific business functions and critical assets.
- Documentation of findings and their integration into risk management and incident response processes.
- Sharing relevant threat information within the supply chain and with involved third parties.

- Identification of monitored assets (domains, IP addresses, email addresses, brands, key individuals), geographical scope and sector focus.
- Analysis of publicly available sources, social media, registries, DNS records and other open databases to identify exposed assets.
- Continuous monitoring of the dark web, leak databases, phishing campaigns and discussion forums.
- Evaluation of findings, assignment of indicators of compromise (IOC), and identification of potential business impact.
- Structured output including technical analysis, risk assessment and concrete recommendations (e.g. password resets, domain blocking, security policy adjustments).
- Support with implementation of measures, updates to the risk register and inputs for penetration testing or Red Team exercises.

BDO provides Cyber Intelligence Services as part of a comprehensive security strategy. We help organisations identify risks within their digital footprint, monitor emerging threats and make informed decisions based on relevant data.
01 Strong understanding of the regulatory framework
We understand the requirements of DORA and NIS2 and tailor our services to ensure that outputs are suitable for regulatory supervision, audit and ICT risk management processes. We also ensure alignment with other types of testing, including TLPT and penetration testing.
02 Independence and Credibility
As an independent advisory firm, we do not provide proprietary security technologies. We deliver objective assessments based on analytical evaluation of threats. Cooperation with BDO represents a clear signal of quality and credibility for both regulators and clients.
03 Certified Team with Extensive Expertise
Our specialists hold certifications including C|OSINT, C|TIA, OSCP, CRTP, eCPPT, BSCP, CEH, CRT, CPSA, CISSP, CCISO and others. They have experience working with major banks, insurance companies and ICT service providers.