Basic security must be thoroughly implemented first.
It appears that 85% of major infrastructure attacks occurred due to failure to maintain basic levels of security such as patches, 2nd authentication (additional authentication), and the principle of least privilege.
Most attacks can be prevented by simply following basic security policies.
