Report shows a 70% surge in malware and spam on web 2.0 services

The study, which forms part of Sophos' Security Threat Report 2010, shows that 57% of social networking users have reported receiving spam, compared with 33.4% a year ago. In the same period, the IT security vendor says, the proportion of firms reporting social networking malware attacks rose from 21.2% to 36%.

Graham Cluley, Sophos' senior security consultant, says that the reason for the surge is that computer users are spending a lot more time on social networks, sharing sensitive and valuable personal information.
It's therefore no surprise, he said, that hackers have determined where the money is to be found.

In a blog posting, Cluley said that the cybercriminals don't just want to infect users' computers via social networks to steal their online banking details. Increasingly, he says, they're after data which may help them compromise your organization.

In its poll of more than 500 companies, Sophos reports that 72% of firms are worried that workers' behavior on social networks may be putting their business at risk. As a result, the company says, corporate infrastructure – and the sensitive data stored upon it – are in danger if they are not properly secured.

"What's fascinating is that despite the rising fears of social networks, 49% of firms have given permission to all their staff to access Facebook at any time during the day, a 13% rise on a year ago", said Cluley. "Indeed, Sophos' research indicates that productivity – rather than malware or data leakage – continues to be the number one reason for blocking access to Facebook, for those companies who do apply restrictions", he added.

According to Cluley, social networks are an essential tool for many companies today, giving them an opportunity to be closer to their customers and build a community around their brand. And for that reason, he says, it's becoming harder and harder to block the social networks from inside companies.

"And even if blocks are put in place, are you confident that your staff won't attempt to waltz around them?", pondered Cluley.

"My feeling is that social networks are here to stay, and we have to accept them and secure them the best we can. That means deploying technology to scan every website and link clicked on by users, educating staff about the safe use of social networks, and calling upon the networks themselves to increase their protection against threats", Cluley noted in his blog.

And, he observed, if this isn't done then we'll all be facing the grim irony that "just as companies are loosening their attitude to staff activity on social networks, the threat of malware, spam, phishing and identity theft is becoming ever greater."
