"Social engineering can overcome this obstacle too, as in some cases carefully crafted messages will attempt to persuade the victim to disable the solution that protects a computer. It's a highly adaptive threat, constantly changing shape and baits," he says.

Once someone has control of the employee's computer, it is a much easier task to begin to mine data and dig deeper into company systems, according to Sophos' Forsyth.

"In the case of the , the loss of customer data resulted in a fall in market capitalisation of ," he says. "It took almost 70 years to establish the brand value of Sony, but in a matter of days this value was destroyed simply by careless data keeping."

Social engineering attacks can go undetected when downloading malware and when attackers gain access to a system, warns Check Point's McKinnel. From there, a system can be compromised by releasing critical passwords, or using an organisation's resources as part of a botnet to send spam.