As for defending against spear phishing, neither expert had a clear-cut answer. "There's no silver bullet," said Jevans, though he noted that isolating browsers and email clients in anti-malware "sandboxes" shows promise.
"There's not one thing that will stop this," echoed Haley. "All it takes is one user who goes into their junk mail folder and clicks on a link. We have to continue developing technical solutions, but if we ignore user education about targeted attacks we do ourselves a disservice."
Sign up for CIO Asia eNewsletters.