When you are running a website it is very easy to lose sight of the things that made your website a success in the first place. The average person does not know the amount of work that it takes in a running a successful websites. They either think that the job is too big and that it is impossible to do or they think that the job is too small and that anyone can run a website these days. The most important thing is that you know all that it takes to run a successful website. And you have to remember that you should not sacrifice one part of the job because other parts of the job are more fun. And for a lot of website owners the least fun part of the job is worrying about the security of both the internals of the website and the users who visit the site.
Yes, when you run a website you have to worry about these two aspects of security equally. And that is hard to do because they are both very different avenues of attack. While the attacks can happen alongside one another you still have to think of them as two very different vectors. Because the end goal is usually different when you are talking about these two types of attacks. One of the end goals is to be able to trick as many of your users as they can into giving up personal information that will lead to the attacker gaining profit. The other end goal when it comes to an attack on the websites internals is that they want to be able to control your website and maybe profit off of your users or use your website as way to attack other people on the web.
While both levels of security are very important, you should really think about your users before you think about yourself. If the people that come to your website in good faith are attacked there is a lot that you can lose. Not only will you lose a lot of customers who do not believe in the security of your website anymore, but you will also lose the reputation that you have garnered throughout your time on the web owning a business. Word of mouth spreads pretty fast on the web so anything that happens negatively on your website is going to be known pretty quickly. And if the attack is big enough it might pick up the attention of some major news sources both online and off. And that is the last thing that you want to happen. You do not want the news spread that you cannot protect the people who visit you.
But while the users are your first priority, your very close second priority is the integrity of your website. While you might do all that you can to make sure that customers information is secured, if you lose control of your website you might not be able to protect them anyway. If black hat hackers are able to get in the back end of your website then not only are they able to use your server any way that they want but they will be able to use the data that is on it anyway that they want as well. And if that is your customers data then you are in trouble with them anyway.
When it comes to server security you have to really think about all aspects of the attack. If you just focus on one then you will find out that you have lost the war anyway.