Gartner says advanced persistent threats are over-hyped and distracting.
Advanced persistent threats was a controversial term used to describe multi-vector attacks.
Distinguished analyst John Pescatore said adding more layers of defence does not necessarily increase security in line with threats.
He said that the most important issues were the vulnerabilities and the techniques used to exploit them, not the country that appears to be the source of an advanced persistent threat.
“The major advance in new threats has been the level of tailoring and targeting, these are not noisy, mass attacks that are easily handled by simple, signature-dependent security approaches," Pescatore said.
“Targeted attacks are penetrating standard levels of security controls and causing significant business damage to organisations that do not evolve their security controls.
“Organisations need to focus on reducing vulnerabilities and increasing monitoring capabilities to deter or more quickly react to evolving threats."
Gartner said the threats were best fought with security in-depth, more staff, specialised threat detection, network forensics and situational awareness technologies.
Lance James, director of intelligence at Vigilant said reporting of advanced persistent threats had increased this year.
“APTs have been around for a long time. The information security community has been playing catch-up against a surge of cyber crime that started around 2003," he said.
"We're technically becoming proficient and effective in identifying and preventing them, but many companies were not, and still are not, equipped to detect these threats, nor were they ready to announce such breaches publicly."
Frank Coggrave, general manager of EMEA at Guidance Software, said organisations must focus on incident response plans to mitigate breaches.
“Organisations can then establish where the attacks have come from and ensure rapid reaction and diligence in dealing with the threat.”