Advanced persistent threats (APTs) are sophisticated cyber attacks that can breach networks undetected for long periods of time. They trick users into opening infected emails or files that install malware allowing remote access. One company was hacked for a year before detecting unusual late-night data downloads. Countering APTs requires identifying existing threats, protecting critical assets, assessing security vulnerabilities, and developing a risk management plan that limits access while maintaining operations. A holistic organizational approach is needed that changes culture, policy, technology, budgets, and planning to systematically respond to evolving threats.