SANS reported that the attack of choice in many cases of cyber-espionage is a targeted spear phishing campaign that attempts to dupe workers into opening tainted attachments made to appear as if they come from people they work with.
The content of the virus-laden attachments is often tailored to look exactly like legitimate materials that the employees involved might send to each other, making it more likely that users will open the messages and remain unaware that they may have been compromised, Paller said.
Attackers crafting the messages most often use newly discovered Microsoft Office vulnerabilities, also known as zero-day flaws, to further hide their activities and to circumvent anti-virus systems, according to the expert.
"This type of business-driven cyber-espionage is already happening a lot more frequently than some people might think," said Paller. "We're only finding real evidence because more companies are hearing from law enforcement when someone finally discovers the stolen data."
On the flip side, SANS is also predicting that so-called insider data theft carried out against U.S. businesses by trusted employees will continue to flourish.
One of the factors accelerating that trend is that attackers are able to target their employers both from inside their networks and from the outside, using known vulnerabilities they discover in their work, the group said.
With traditional security perimeters increasingly being taxed by the use of mobile devices that are allowed to come onto corporate networks from outside the workplace, SANS said that workers are finding many new opportunities to sneak information out the door and sell it for a profit.
One of the key strategies that organizations need to embrace to thwart the insider problem is to put in place more substantial defenses that limit access to IT systems and data stores to the specific level of access to those assets that individuals need to do their jobs, the training group said.