The research, from Webroot – which drew in responses from IT professionals in 803 businesses across the US, UK and Australia – found that 80% of respondents viewed web 2.0 services as a serious problem in 2010.
And, say 73% of IT professionals, web 2.0-borne malware will be the major focus of attention in the next 12 months, mainly because these types of threats are more difficult to manage than email-based security problems.
Survey respondents also identified data security and confidentiality, data loss prevention and securing mobile plus laptop users as their top three priorities for web security in 2010.
Delving into the research reveals that 25% of respondents view operating system vulnerabilities as a problem, with 24% of IT professionals adding that unpatched client-side software – such as Adobe Flash/Reader, Apple QuickTime and Java – also posing security risks.
Surprisingly, however, only 24% of respondents said that they saw browser vulnerabilities as causing security problems, which suggest that older-style browser flaws (e.g., malware) are still causing headaches for IT staff and their firms.
One of the most revealing conclusions of the survey of IT professionals in firms of between 100 and 5000 people, was that 24% said their security had been compromised by staff accessing social networking sites, and 25% where employees had used peer-to-peer networking on the internet.
The survey also turned up the fact that most SMBs (88%) have employee internet use policies and 95% enforce that policy using hardware and/or system software.
Webroot says that the most commonly reported way that companies report they enforce policies is explaining the policy at employee orientation (69%) and sending reminders one or more times per year (44%).
In addition, more than half (56%) of SMBs have internet usage policies against visiting social networking sites.
Gerhard Eschelbeck, Webroot's CTO, said that businesses of all sizes are waking up to the reality that threats lurk in new places on the internet, including web 2.0 sites.
"Among our own web security service customers, we're now seeing about half restrict employee access to social networks as a pre-emptive strike against malware infections and data compromise, as well as
impacted productivity", he said.
"Because SMBs tend to have fewer layers of protection than large enterprises, we especially encourage them to keep up with the latest threat vectors by using a service that automatically stops web-based threats, filters web traffic and enforces internet use policies", he added.