Basic security must be thoroughly implemented first.
It appears that 85% of major infrastructure attacks occurred due to failure to maintain basic levels of security such as patches, 2nd authentication (additional authentication), and the principle of least privilege.
To strengthen security, the order of applying 2nd authentication that supports a multi-layer authentication system is first the operating system (OS), second the administrator account or management console, and third the general user account.
Most attacks can be prevented by simply following basic security policies.