While reading RSnake's latest post, I cannot escape the feeling that he's in a very gloomy mood today. His advice:

"The truth is, if you have something interactive connected to the
Internet, it's probably exploitable in some way, and really, it's not
that terrible of a thought considering it's pretty much always been
that way."

As gloomy as that may sound, it is something that I run into regularly.

Too many people assume that the next new (web) app that is getting deployed 1) is absolutely essential for the continuity of the company and 2) must run on an internet-facing web server.

Air-gapping  a system is probably not that feasible in this day and age (although I still see self-contained networks with only a dial-out modem that gets unplugged when not in use), but using common sense when deciding on the visibility of a system can never hurt!