A quarter of companies have been exposed to phishing attacks through social networks. That's according to security company Sophos, which added that two thirds of businesses are concerned that company employees share too much sensitive data on social networks, potentially putting firms at risk.

According to the company's Security Threat Report, a quarter of firms have been exposed to spam, phishing or malware attacks via sites such as Twitter, Facebook, LinkedIn and MySpace.

"What's needed is a period of introspection - for the big Web 2.0 companies to examine their systems and determine how, now they have gathered a huge number of members, they are going to protect them from virus writers, identity thieves, spammers and scammers," said Graham Cluley, senior technology consultant at Sophos.

"The honeymoon period of these sites is over, and personally identifiable information is at risk as a result of constant attacks that the websites are simply not mature enough to protect against."

Sophos said it has identified 22.5 million different types of malware in 2009, which is double the number identified in June 2008, while 89.7 percent of all business email received was spam.

The Security Threat Report also highlighted the explosion of scareware, or fake, paid-for anti-virus software, online. The firm said it discovers around 15 sites offering these hoax anti-virus programs each day - that's a three-fold increase on the same period in 2008.

"Novice computer users are clearly falling foul of this under-handed tactic to capitalise on their fear from infection," continued Cluley. "Your aunt Mabel may be aware that viruses and malware exist and that they're bad, but probably won't be savvy enough to distinguish between legitimate and phony anti-virus protection."