Three out of four IT professionals believe Web 2.0-based malware will pose the biggest security threat this year, according to research from Webroot. The security vendor revealed that 73 percent believe web-based threats are more difficult to manage than email-based threats.

Furthermore, 23 percent said their company was vulnerable to attacks on Web 2.0 applications including social networks such as Facebook and Twitter, while a quarter said they were open to hackers that exploit flaws in Microsoft operating systems.

A further 24 percent said browser bugs made them vulnerable to attacks.

Webroot said a quarter of companies were compromised by employees who accessed social networks from corporate computers, while 32 percent admitted staff downloading media had caused a security issue and 23 percent blamed personal webmail accounts for attacks.

Nearly two thirds of IT professionals said their company had been attacked by viruses, while 57 percent had been affected by spyware and 32 percent had seen an SQL injection attack on their website.

"Businesses of all size are waking up to the reality that threats lurk in new places on the web including Web 2.0 sites," said Gerhard Eschelbeck, chief technology officer at Webroot.

When it comes to internet use policies, 88 percent of companies said they had one and 95 percent of those said they enforced the policy. More than half (56 percent) also said that banned social network se during the working day.

"Among our own web security service customers, we're now seeing about half restrict employee access to social networks as a preemptive strike against malware infections and data compromise, as well as impacted productivity," said Eschelbeck.

Eschelbeck advised companies to keep up with the latest threat vectors by using a service that automatically stops web-based threats, filters web traffic and enforces internet use policies.