Northrop Grumman constantly under attack by cyber-gangs

21.06.2011

Attackers will do as much background investigation on a company as they can to pinpoint the intellectual property they want and which employees are closest to it, McKnight said.

RSA, which organized the panel discussion, knows the problem all too well itself.

In March, RSA acknowledged it was hit by an APT attack that resulted in the theft of undisclosed information about its SecurID product. The problems only seemed to grow. Lockheed Martin recently disclosed that it was hit by an attempted APT that in part made use of this stolen information related to RSA SecurID tokens. Lockheed does not believe that the attackers managed to steal sensitive information, however.

After the attack on Lockheed Martin linked in part to SecurID, RSA offered existing customers a free swap to new RSA SecurID tokens. Gartner analyst John Pescatore said his firm is advising clients to definitely take the swap-out if they use SecurID for authentication of any external, Web-facing purpose, though it's viewed as less imperative for internal use. Alternatively, they can move to a new token vendor, he said.

As for preventative measures, David Walter, senior director of products at RSA, said there's a need for companies to "get serious about user training" of employees to resist attack methods such as social engineering. RSA has divulged that the APT strike on it started with someone opening a malware-filled attachment.