Three out of four IT professionals believe Web 2.0-based malware will pose the biggest security threat this year, according to research from Webroot. The security vendor revealed that 73 percent believe web-based threats are more difficult to manage than email-based threats.

Furthermore, 23 per cent said their company was vulnerable to attacks on Web 2.0 applications including social networks such as Facebook and Twitter, while a quarter said they were open to hackers that exploit flaws in Microsoft operating systems.

A further 24 per cent said browser bugs made them vulnerable to attacks.

Webroot said a quarter of companies were compromised by employees who accessed social networks from corporate computers, while 32 per cent admitted staff downloading media had caused a security issue and 23 per cent blamed personal webmail accounts for attacks.

Social networking is coming, so CIOs must plan, read the full opinion of Rik Ferguson here

Nearly two thirds of IT professionals said their company had been attacked by viruses, while 57 per cent had been affected by spyware and 32 per cent had seen an SQL injection attack on their website.

"Businesses of all size are waking up to the reality that threats lurk in new places on the web including Web 2.0 sites," said Gerhard Eschelbeck, chief technology officer at Webroot.

When it comes to internet use policies, 88 per cent of companies said they had one and 95 per cent of those said they enforced the policy. More than half (56 per cent) also said that banned social network se during the working day.

"Among our own web security service customers, we're now seeing about half restrict employee access to social networks as a preemptive strike against malware infections and data compromise, as well as impacted productivity," said Eschelbeck.

Eschelbeck advised companies to keep up with the latest threat vectors by using a service that automatically stops web-based threats, filters web traffic and enforces internet use policies.