Nearly 3 terabytes of data stolen in Panama Gate scandal will shortly become searchable online. Mossack Fonseca, the breached legal firm behind one of the largest data leaks in the history, had numerous high-risk vulnerabilities in its front-end web applications. Even if your corporate website doesnt contain a single byte of sensitive data, its still a perfect foothold to get into your corporate network. Even with PCI DSS 3.2 that now requires to have a multi-factor authentication to access the Cardholder Data Environment, it does not mean that web applications within the CDE scope shall be properly protected.”]
Source: https://informationsecuritybuzz.com/articles/five-common-myths-web-security/