Cybersecurity in the Age of Evolving Threats: Dinis Guarda Interviews Eric O’Neill, National Security Attorney, Cybersecurity Strategist, And Legendary FBI Operative

In the latest episode of the Dinis Guarda YouTube podcast, Eric O’Neill highlights the increasing threats posed by cybercriminals and espionage actors in the fast moving digital economy. He also discusses the essence of cybersecurity measures in the era of dark web. The podcast is powered by Businessabc.net, citiesabc.com, and Wisdomia.ai.

Eric O'Neill is a national security attorney, corporate investigator, national cybersecurity strategist, and legendary FBI operative whose undercover work brought down Robert Hanssen, the most notorious and damaging spy in United States history.

Eric tells Dinis that during his time in the FBI, he observed outdated methods being used to analyse information, such as manually laying out data on conference tables. This inspired him to develop a “threat analysis” program, which used data over time to predict espionage activities.

As Eric explains, his background in understanding espionage “gave [him] a very specific way of thinking about the world and how you can use data and information to make the best decisions.” This mindset laid the foundation of his understanding as he transitioned into tackling cyberthreats. His approach to cybersecurity is not solely about defending systems but proactively understanding the minds of attackers, whether they are nation-state actors or criminal syndicates.

“Cyber security tends to spend too much time on defence. What I bring to cybersecurity is counterintelligence. It doesn't mean you're sitting and waiting for something to happen; it means you are sending spy hunters out to go find the bad guys before they launch their attack. That is the transition that has to be made and is being made by some of the top cybersecurity companies", said Eric. 

Sharing his experiences and learnings from his role as a spy hunter, Eric highlights that the same methods used in counterintelligence could now be applied to cyberattacks. He points out that cybercriminals have learned from spies, adapting espionage techniques to steal data. “There are no hackers; there are only spies,” he emphasises, suggesting that cybercrime is merely a modern iteration of traditional espionage.

The rise of cybercrime and the Dark Web

During the interview, Eric highlighted that the dark web now functions as the third-largest economy in the world, following the U.S. and China. 

“The actual cost that the dark web will affect the world economy in 2024 is over 12 trillion and my prediction is by 2026, it will be at 20, if you just look at the astronomical growth of cybercrime.”

He also reveals that cybercriminals are now adopting social engineering tactics borrowed from espionage. They are no longer relying solely on brute-force hacking but are instead using deceptive methods to manipulate individuals into granting access to sensitive data. With the rise of AI-powered avatars, these tactics are becoming even more sophisticated, enabling criminals to convincingly impersonate trusted colleagues or executives.

“We have to worry about this because this unchecked crime means that more young enterprising people are deciding to become criminals because it is not seen as the same crime as, say robbing a bank with a firearm. Call centers are springing up in countries all over the Earth and crime is increasing. This is why those working in cyber security are starting to work and solve the problem themselves and the way to do that is to become more resilient than strong”, he says.

Counterintelligence: The future of cybersecurity

Eric comments: “Cybersecurity tends to spend too much time on defence, and defence doesn’t work.” Instead, he advocates for a counterintelligence approach, where organisations must be proactive in identifying and neutralising threats before they escalate.

“Cybersecurity is deploying AI in order to do a lot of threat hunting behind the scenes, and it has to be that way because at the same time the major cybercrime syndicates who are launching their attacks off the dark web are using their own AI. They are deploying AI not only to launch attacks and perfect those attacks and write code. 

The technology is progressing very fast and criminal attackers are also using AI to do what's called counter surveillance. So, they're using AI to look for cybersecurity when they're launching infiltration attacks.

So, while it's happening there is a war right now war over our data, the very currency of our lives. So, protecting that data is important because everything we have is in data - from all of our money down to those favourite family pictures spanning years that you just can't afford to lose - it's all data. So, we need to protect it.

In order to stop attacks, it's not just robust technology or training. It is getting people to start thinking like spy hunters. We’ve got to change our mindsets, you have to think like someone who's trying to stop a spy, not someone who's trying to stop the kid in the basement with the hoodie, but a full group of people who have just spent weeks learning everything about you in order to craft the perfect attack. It's just the old spy playbook in a brand-new cybercrime world”, says Eric.

The Invisible Threat

Eric has authored notable books sharing his deep experience and insights in espionage and cybersecurity. His memoir, "Gray Day: My Undercover Mission to Expose America's First Cyber Spy" (2019), details his undercover operation to expose Robert Hanssen, offering a comprehensive account of his role in one of the most significant espionage cases in U.S. history. The book has been praised for its detailed narrative of the investigation. 

Eric's upcoming book, "The Invisible Threat", scheduled for release in 2025 by HarperCollins, will provide readers with strategies to defend against current cyber threats. Building on his extensive experience in cybersecurity, this book aims to equip readers with practical knowledge to protect themselves from modern cyber dangers.

“It’s a non-fiction true story about cybercrime and why it is such a burden on society right now, how it has grown so large, and what the dark web is. All of this through storytelling. I'm going to tell stories about actual cyberattacks, cyber-Espionage, cybercrime attacks - some of the biggest ones in history, to some of the smaller ones that I personally dealt with, to one that actually got me.

In the first part of the book, I will teach you how to think like a bad guy. All the ways that they are attacking us using deception, using impersonation, - using confidence schemes, all the ways they're using AI to fool us. This is the longest part of the book - putting you in the mind of the bad guy so that you understand the way they're going to attack you.

Then the second part is thinking like a spy hunter, acting like a spy hunter - actively identifying the attacks before they compromise you and then stopping them in their tracks”, he tells Dinis.

Corporate Security and social engineering

For businesses looking to protect themselves from cyber threats, Eric offers practical advice. He emphasises the importance of preparation, including understanding where critical data is stored and who has access to it. Privilege control and compartmentalisation—concepts borrowed from his counterintelligence background—are crucial to limiting the damage in the event of a breach.

Eric also stresses the need for ongoing assessment, as business environments are constantly evolving. Regularly revisiting cybersecurity plans and ensuring that they adapt to new threats is essential. 

Finally, Eric warns that reliance on passwords alone is no longer sufficient; two-factor authentication and other advanced security measures are now the minimum standard.

Concluding the interview, Eric tells Dinis about the future jobs in cybersecurity:

“One thing is to specialise in cyber security, specialise in threat hunting, specialise in the particular Sciences, in the CounterIntelligence of cybersecurity. 

We need so many more innovative bright young minds who will be the next solution to solving the world from all of these cyber-attacks. I tell young people all the time when I speak that even our big military branches in the US all have this massive cyber warfare and defence centres where they're training the next round of officers and how to defend against this sort of attacks because they know that the next war is going to be primarily fought in cyber.”