No doubt you are already protected by a bunch of clever security tools. And you feel good !
For example:
you may be using a real-time IP blacklist that blocks requests from IP addresses that could be actively attacking your web site.
Your software may leverage firewall rules to identify and block malicious traffic to your website, protecting you from the latest WordPress attacks and security vulnerabilities.
The security scanner and firewall you are using probably relies on updates to thousands of malware signatures that help identify malware on your website and block malicious uploads.
Bravo !… BUT
Web applications are highly complex and the threats against them are constantly evolving in both their cleverness and power to do harm; especially when there is more of value to steal or hold for ransom.
AND… there are still many ways for break-ins
Websites may be infected via cross-site scripting (XSS), code injection, and other hacking techniques.
Website traffic may be visible or hijacked by hackers.
Malware may unknowingly be downloaded automatically into your network.
Your applications could even be directing traffic through http so as to bypass firewall rules.