If your business were a target of a well-funded malicious group, how would you know? For most victims, the initial exploited weakness was likely an opportunistic one, even when the damage done was significant. Victims of cyber espionage find themselves subject to a strategic set of actions. As highlighted in the report, cyber espionage teams are often well-funded and highly skilled. This combination allows them to infiltrate a business quickly and leave few traces behind which in turn increases the potential for ongoing damage. While their motivations might be financial, the rules they follow in their attacks will be unique to each team – even an outcome such as a ransomware demand might occur. Defending against such an attack requires businesses to identify what assets they possess and how those assets might be valuable to an attacker – be that as a stepping stone along the attack path or as a saleable commodity. The starting point in such a defence is a comprehensive inventory of all software, how it’s configured, its role within the organisation, how it’s connected to other software powering the business and what data it has access to. From there a data model can be created that maps users to data and systems in a manner that allows for audit rules to be defined. Once audit rules are in place, monitoring can begin which then feeds into monitoring for unexpected access. While this process can be daunting, it should be considered a work in progress which supports good business hygiene such as patch management, disaster recovery planning and compliance with data privacy regulations.  Read Less