To a specialist corporate investigations company like Blackhawk Intelligence, cyber intelligence represents the logistical process behind cyber threat information analysis – encompassing, but not limited to, the measures by which businesses implement strategies to protect themselves from fraud and/or data loss.

For those businesses that find themselves at risk of potential digital threats or on the receiving end of sustained online attacks orchestrated by well-organised cyber criminals, there exists a perpetual security crisis.

The evolution of intelligence

Historically, where wars are concerned, reliable intelligence and effective intelligence gathering tactics are the major deciding factors in the outcome of combat scenarios. From the complex deciphering of the Enigma Code to the nuanced, covert operations of the Cold War, intelligence gathering techniques, cryptographic skills and the methods used to decipher them have changed dramatically over time. In keeping with the status quo and the changing makeup of the technological landscape, it’s only natural that our means of tracking, analysing and countering digital security threats have also drastically evolved.

Intricately encrypted data files have replaced coded radio messages, and today, it is more difficult than ever to break down sophisticated security measures. Despite this, however, while there is less room for human error with these more advanced technologies, errors still exist. For many, failing to understand the scale and magnitude of a potential threat is the first mistake made, with a failure to understand or interpret cyber-crime and its patterns of action a close second, followed by a failure to ensure the security of your data and information across all mediums. In days of war the mantra was, “careless talk costs lives” – today it can easily be rewritten as “careless security costs business”.

In essence, the current digital climate lends itself best to those with a meticulous eye for detail and a tendency to leave no stone unturned. If you think you’ve covered every possible weak spot that could potentially leave you vulnerable – you haven’t. Such is the nature of cyber intelligence, no matter how comprehensive you think your security is, it can always be more secure, more impenetrable and better protected with the right strategies in place – that is where our specialist corporate security teams come in to help.

What’s cyber intelligence

According to the United States Department of Defence, cyber intelligence is:

  1. The product resulting from the collection, processing, integration, evaluation, analysis, and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements, or areas of actual or potential operations.
  2. The activities that result in the product.
  3. The organisations engaged in such activities.

With respect to business, this translates to the methodology by which organisations and companies are able to mitigate potentially hostile threats through collecting data and information relevant to their security, and then utilising this information to develop and implement a strategy for better protecting their operation, assets and interests.

Categorised intelligence disciplines

There are various categories of intelligence disciplines, which can be used to underline the different ways business and cyber intelligence become applicable – several of which underline Blackhawk’s own intelligence products. These are:

  • HUMINT: Human Intelligence derived from human to human interaction.
  • OSINT: Open Source Intelligence gathered from publicly available sources.

There are other categories more applicable to military intelligence, such as:

  • SIGINT: Signals Intelligence usually refers to electronic mediums from sources such as satellites.
  • GEOINT: Geospatial Intelligence such as images taken from aircraft.
  • MASINT: Measurement and Signature Intelligence such as radar data and nuclear radiation readings.

While these disciplines are more commonly associated with counter-intelligence and military measures employed by government agencies and contractors, lessons can still be learnt with respect to business-related cyber intelligence. GEOINT, for example, has applications in the world of corporate surveillance and evidence gathering – providing capabilities to tie suspected fraudulent activity to a time and place supported by photographic evidence.

For the most part, our interaction with these discipline definitions comes in the form of HUMINT, OSINT and GEOINT – whereby data are collated and gathered through these means, and then a strategy is devised according to them.

Cyber intelligence is a circular process

The process for developing effective cyber intelligence strategies relies on the steps mentioned above that “result in the product”, those being the “collection, processing, integration, evaluation, analysis, and interpretation” of relevant data and information. Essentially, these steps represent the cycle of cyber intelligence, whereby the process itself is on-going rather than linear. For the purposes of intelligence applied to businesses we set things out as follows:

Intelligence planning

What is it that you are trying to protect and against what? A key part of this step for our clients is threat assessment. Where do you perceive your vulnerabilities to be and what types of threats are you vulnerable to? It could be navigating something as simple as phishing emails or malware attacks through email. Understanding this is critical in setting the goals and objectives for your cyber intelligence operation and any counter-measures you implement.

Intelligence collection

Where is the evidence of attack and in what form, where are your sources of data located? This might be common server logs or email transcripts. Equally, more sophisticated intelligence might include broader programs of employee or supplier surveillance. We’ve all probably seen the extent to which criminal organisations go to produce counterfeit goods, sometimes they have inside people that need uncovering through surveillance and intelligence gathering.

Intelligence processing

Data gathered will come in many forms. It needs to be ‘humanised’ so it can be processed, analysed and interpreted. A server log for instance has many types of data, from user visits to the types of ‘agents’ accessing a system. Extracting the information that is relevant is crucial to efficiently process the data.


The goal may be to deliver a document or a series of recommendations or an urgent action plan. Whatever the goal is, the data collected needs to be analysed and interpreted, either by Blackhawk or your own team, and turned into something that can be used by all departments and parties involved in improving security.


The simple process of disseminating the relevant information and subsequently making sure that those who need to know, know.


Sometimes it’s not possible to satisfy all of the stakeholders relevant to the secure operation of your business. It’s therefore important to make sure that the ‘product’ you deliver fits their needs too.

As mentioned above, this is a circular process, and intelligence gathered always leads to further insights that your business will potentially be required to improve further down the track, so; rinse and repeat, is the order of the day.

The threat is a real and present danger

When it comes to effecting a successful cyber intelligence solution, you need to be aware that your organisation’s business interests are under threat, if not already under attack. Even if you haven’t been on the receiving end of a security breach or a fraud attempt, it’s naïve to think that your business isn’t potentially at risk. The fact is, all businesses are susceptible, regardless of size, market share or structure and as such, good corporate governance demands appropriate action, particularly if it is pre-emptive.

That’s the essence of a good corporate intelligence program; giving you an inside track on the threat landscape and illuminating the steps you can take to mitigate risk. In the interests of safeguarding your business, investing in gathering and properly implementing quality intelligence is of paramount importance – use the tools at your disposal to nullify your threats before they use them against you.

If you’d like to learn more about how your organisation can improve its business intelligence gathering capabilities, call Blackhawk Intelligence on +44 (0)20 8108 9317.

If you liked this article, you might also like: