Traditional security technologies are becoming increasingly ineffective as anti-virus firms struggle to keep pace with organised criminal gangs, IT analysts will warn this week's RSA conference.
Criminals are generating new variations of viruses and Trojans at a rate that outstrips the ability of security companies to develop new signatures, delegates will hear.
"A lot of the mainline products that people have been buying for years are not much more than 30%, 40%, or 50% effective at detecting any given corpus of malware," said Andrew Jaquith, analyst at Yankee Group.
The trend will place renewed pressure on organisations to invest in educating their staff to minimise the risk of infection when they use IT in the workplace.
Criminal groups are making big profits by releasing hundreds of versions of the same malware, each of which potentially requires a new signature, to slip through anti-virus defences, said Jaquith.
"The bad guys are doing a better job at sharing information than the good guys," he added.
Ray Wagner, research vice-president at Gartner, said that businesses would have to focus more on the "human factors" of security to defend themselves.
"Most end-users are not capable of recognising what is malicious malware and what isn't," he said.
And in the longer term, security suppliers would have to adapt by creating technologies based on whitelisting safe programs, rather than blacklisting malware and blocking malicious behaviour, said Jaquith.
George Tubin, senior analyst at TowerGroup, cautioned that it was a never-ending battle. "The fight against fraud and malware is not a single battle to be won. We are never going to get on top of it and fix the problem," he said.
Related article: CPS tackles e-crime
Comment on this article: firstname.lastname@example.org