Banks have also deployed on underlying servers technology for identifying the visiting laptop. If the hardware is unrecognized, then additional steps are needed before allowing entry.
"As a first layer, the industry has to step up authentication and not just rely on user name and password to access systems," Tubin said.
Organizations other than media that are often targets of APT attacks include defense contractors, multinational corporations, the military, think tanks and government agencies.
These likely targets need to change their thinking about security, experts say. Organizations can no longer think of security as something that can be covered by one or two products.
Instead, security requires employee education and constant changes to the tools in place in order to address the evolving tactics of attackers.
"Security is no longer just a product," Sverdlove said. "It is a process."
Sign up for CIO Asia eNewsletters.