Most businesses do not have adequate IT security to protect against profit-driven targeted cyber attacks, says the Information Security Forum (ISF).
These attacks are being run by well-funded criminal networks that bring together specialist skills and expertise to defeat traditional defences, the ISF said.
Typically, the profit-driven attacks to steal bank and access details are targeted at high value organisations or individuals.
The ISF warned that most attacks are able to circumvent generic security controls, while anti-forensic techniques are used to remove traces such as deleting system logs.
Businesses need to go beyond the basic security measures of patch management, tight access control, intrusion detection and event log analysis, the ISF said.
Grega Vrhovec, researcher at the ISF, said businesses should monitor hacker forums to see if their data has been compromised.
"This will enable them to undertand how criminals are targeting them and how to notify banks and customers if necessary," he said.
Vrhovec said businesses should also share information on cyber criminals attacks with their peers to help prevent the same techniques being used on others.
"International anti-cyber crime organisations are failing to stop these targeted attacks and until the new UK police e-crime unit gets up and running properly there is no-one looking after business," he said.