As potent as spearphishing has been in delivering APT payloads, its monopoly of the task may be challenged in the future.
"Over time, we're still going to see spearphishing being a key factor, but it's not going to be the sole first weapon used in an attack," Trend Micro's Sherry said. "It could be much more focused on social engineering and social media attacks."
Those attacks could deploy fake LinkedIn profiles or Facebook Pages to gain the trust of targets, he added.
"Spearphishing is usually in the form of email direct campaigns," Sherry said. "This would circumvent that and go directly to social media, which is becoming more popular to connect with people and find out pertinent information within your subject or industry."
Sign up for CIO Asia eNewsletters.