There is a vast raft of strategies and technologies that are needed. One of the things to understand is that you really have to build a security fortress, and any way in is a way in, so you have to look for complete comprehensive coverage, while the attacker just needs to find one gap or one hole or one vulnerability. As we mentioned, this could be things like social engineering attacks. This could be things like inadequate encryption. This could be things like firewalls and email protections that are not quite in place.
It's very complex. There are professionals who dedicate their entire lives to understanding and staying current on these activities. There are entire departments that focus on this, and there need to be.