Cybercriminals are increasing the number of attacks on social networks, says Sophos.
Sophos also said that two thirds of businesses are concerned that company employees share too much sensitive data on social networks, potentially putting firms at risk.
"What's needed is a period of introspection - for the big Web 2.0 companies to examine their systems and determine how, now they have gathered a huge number of members, they are going to protect them from virus writers, identity thieves, spammers and scammers," said Graham Cluley, senior technology consultant at Sophos.
"The honeymoon period of these sites is over, and personally identifiable information is at risk as a result of constant attacks that the websites are simply not mature enough to protect against."
Sophos said it has identified 22.5 million different types of malware in 2009, which is double the number identified in June 2008, while 89.7 percent of all business email received was spam.
The Security Threat Report also highlighted that the explosion of scareware or fake, paid-for anti-virus software online. The firm said it discovers around 15 sites offering these hoax antivirus programs each day - that's a three-fold increase on the same period in 2008.
"Novice computer users are clearly falling foul of this under-handed tactic to capitalise on their fear from infection," continued Cluley. "Your aunt Mabel may be aware that viruses and malware exist and that they're bad, but probably won't be savvy enough to distinguish between legitimate and phony anti-virus protection."
Download FREE whitepapers:
Take part in PC Advisor's Broadband Survey 2009
See also: 10 Facebook & Twitter privacy faux pas