Canaries!
A simple enough 'canary' logging (yes also goes to another box) rule in your firewall/gateway tells you who's looking, how often etc and frequently also ties up with spammer 'probing proxies' or 'completely legitimate business enterprises' like one featured in a certain paper yesterday (not mine!) as 'google for hackers' and will probably appreciate the free advertising.
As for the 'everyone leaves a trace', this is well known but it only seems like there is a super unseen elite because webmail providers ignore attempts to communicate clumps of relay attempts, ISPs ignore notifications of streams of login attempts, universities have officially sanctioned 'research' scans, and cloud providers hide behind the 'customers are not our problem, even breaches of the Computer Misuse Act or whatever it is called in your juris-my-diction'. No names because people always get scarily defensive about their chosen provider (for meanings of 'their' and 'chosen' and probably also 'provider').
Companies don't care and puny individuals can go whistle. So all we can do is lock stuff down as hard as possible and hope for the best. Or unplug everything.
Biting the hand that feeds IT
