To be fair, page 11 of Cisco's 2010 Midyear Security Report mainly focuses on the huge time sink Facebook games represent for otherwise productive workers (see image). But the report also tries to sell the games as some sort of ill-defined security risk to company computers. "It's safe to assume that online criminals are developing ways to deliver malware via popular applications," the report states. "Heavy users love to search the web for cheats and tricks for better play, so they may fall victim to malware-laden links or spam messages offering such shortcuts."
While we've seen isolated cases of malware popping up in game ads and fake "strategy guide" scams, Cisco's case seems a bit overblown to us. Just because it's "safe to assume" hackers are targeting Facebook games doesn't mean that companies' critical servers are under imminent threat from Farmville-playing employees. In fact, if any such malware were to show up as part of the most popular Facebook games, it would likely be quickly discovered, reported and (hopefully) neutralized by the game-maker before it could spread too far.
To its credit, the Cisco report does say that simply banning all employee access to social networks is an overly severe solution to this problem. "Businesses must balance the need to provide access to collaboration tools with the need to manage enterprise security," the report states. Amen to that.