Security risks are ever-present on web sites and on any network where your webserver lives. This is a fact of life, just as the sun rises and goes down at the end of the day. By design, a web server requires an opening between your network and the rest of the world, so the level of exposure and risk is high. This is why you need protection against these threats.
How Much Risk?
There are two components to your network’s security, one is considered internal and the other external. Depending on how well your web server is locked down, meaning patched and updated frequently, with highly secure passwords and firewalls in place, you could be at a low risk.
If your internal network consists of other users who frequent the internet and don’t comply with strict internet and security rules, then you could be exposing your network to a higher risk.
Depending upon the type of information that your network uses, whether it’s only superficial documents or credit card numbers and customer data, then you need to apply a second tier of security to protect those assets and you could be therefore targeted at a higher level from outside threats. This increases your risk.
Should you Be Worried?
Poorly written code for your web server can be a culprit that exposes your network and your site to risk. Having your webserver scanned by professional scanning tools will expose these issues and provide a path for your developers to write more secure code.
A system administrator who doesn’t regularly update the software packages installed on the webserver or keep up with security patches is putting not only the web server at risk, but the entire network at risk too. Not only is the web server’s data at potential risk of being compromised (which is a much more higher risk if this is customer-centric data and credit card information), but this failure can also expose the entire internal network, providing holes for hackers to penetrate other systems within the network.