What is OSINT?
OSINT stands for Open Source Intelligence and refers to the process of collecting and analysing information from publicly available sources to gain insights.
Breaking it down further, “Open Source” refers to public data that is accessible to anyone and “Intelligence” refers to the process of gathering that data to analyse.
It is utilised by various professionals including cyber security experts and the authorities to make informed decisions and identify threats. However, cyber criminals also exploit OSINT to gather sensitive information about businesses and people.
Where does OSINT information come from?
OSINT is collected from publicly accessible sources such as:
- Public Records – Government databases, court records
- Company Reports – Publicly available reports, including financial reports and ESG (environmental, social and governance) reports
- Websites – Broadcast news websites, blogs, forums and websites such as WhatDoTheyKnow, can be used to request answers from a UK public authority and by law, they must respond.
- Social Media – Accounts on X, LinkedIn and Facebook
- Images and videos – Popular online video sharing platforms such as YouTube and TikTok
- Academic Papers – Such as research articles, review articles, theses and dissertations
- Books – Including educational textbooks, encyclopaedias and general interest books.
Who uses OSINT?
Open Source Intelligence is a powerful and versatile tool used across industries for a multitude of reasons. It can help cyber security experts identify threats earlier and build resilience against them. It aids authorities with tracking down criminal activity and businesses can use OSINT to monitor trends and make smarter decisions.
- Cyber Security Experts Can Identify Threats Before They Strike: In the digital age, cyber criminals leave traces and OSINT aids security experts with finding them. By monitoring forums, social media, paste sites, and breached data dumps, cyber security professionals can detect early signs of phishing campaigns, data leaks, or exposed credentials. OSINT tools also help map an organisation’s digital footprint, revealing vulnerabilities before attackers can exploit them.
- Law Enforcement Can Track Criminal Activity: Police and investigative agencies use OSINT to gather intelligence on suspects, monitor online behaviour, and uncover illegal activities. From tracking down stolen goods on online marketplaces to identifying gang affiliations through social media, OSINT provides real-time, actionable insights.
- Journalism: Verifying Facts and Breaking Stories: Investigative journalists rely on OSINT to fact-check claims, trace digital evidence, and uncover hidden connections. Whether it’s geolocating a viral video or analysing satellite imagery, OSINT empowers reporters to tell accurate, compelling stories backed by verifiable data.
- Business Intelligence: Staying Ahead of the Competition: Companies use OSINT to monitor competitors, track market trends, and assess reputational risks. From analysing customer reviews to tracking product launches and financial filings, OSINT helps businesses make informed strategic decisions and stay competitive in fast-moving markets.
While OSINT is a powerful tool for combating cyber crime, ironically, it’s also used by cyber criminals to carry out social engineering attacks against us.
How do cyber criminals use Open Source Intelligence?
In today’s hyper-connected world, cyber criminals are utilising Open Source Intelligence to find out sensitive information about your business that is freely available online. This is a very different approach to traditional methods of hacking your systems to retrieve information, and they can instead do so legally, using online sources and tools.
Cyber attackers use OSINT information gathering to gain intelligence on your company, your employees, and your digital infrastructure. They scour publicly available sources, like your website, social media profiles, press releases, job postings, and even employee LinkedIn pages, to build a detailed picture of your organisation.
This information can include:
- Employee names, roles, and contact details
- Technology stacks and software in use
- Email formats and domain structure
- Office locations and internal processes
- Recent business changes or vulnerabilities
Once they’ve collected enough data, attackers can use this information against you to:
- Guess your passwords
- Craft convincing phishing emails that appear to come from trusted colleagues or suppliers.
- Launch social engineering attacks by impersonating staff or executives, much like the recent 2025 cyber attacks on M&S, Co-op and Harrods.
- Identify weak points in your infrastructure (e.g. outdated software or exposed services).
- Target specific employees with tailored scams or malware.
- This type of reconnaissance is often the first step in a larger cyber attack, such as ransomware, business email compromise (BEC), or data theft.
What you can do to protect your business from OSINT-based threats?
When research suggests that a third of businesses report having their operations impacted by a cyber related breach, understanding the repercussions of the information that you share online is important.
If your team isn’t aware of how much information they’re unintentionally sharing online, your organisation could be an easy target.
To help protect your business from OSINT-based threats, it is recommended that you:
- Audit your digital footprint – It’s important that you are aware of what’s publicly visible about your business.
- Train your staff – Regular training on social engineering and phishing awareness.
- Limit oversharing on social media and job boards.
- Use threat intelligence tools to monitor for exposed data.
How can we help protect your business from OSINT-based cyber threats?
We understand how easily publicly available information can be exploited by cyber criminals. That’s why our expert team is here to help businesses like yours stay one step ahead.
Through our comprehensive Cyber Security Services, we help you identify and close the gaps in your digital footprint before attackers can exploit them. Our tailored Cyber Security Awareness Training empowers your teams to recognise and respond to social engineering tactics that often stem from OSINT information gathering and with our in-depth Cyber Security Audit, we assess your current defences check for leaked company data on the dark web and provide actionable insights to strengthen your security posture.
It's also important to remember that in today’s threat landscape, a multi-layered approach to cyber security is vital. These layers do not always mean investing in additional services, but can often leverage technology and implementing secure configuration in your existing environment. From people to processes to technology, doing everything you can to protect your data means protecting your business and all businesses should build a security strategy and roadmap to evolve their layers of protection as cyber threats evolve.
