How can we protect ourselves from cyber attacks and gaps?

Every day, new security flaws are discovered in products that are just released. How do professionals and managers deal with this reality? Are they properly prepared? Are they properly trained?
It is becoming more important to create a secure and compliant environment. It is vital that employees, managers, and professionals are continuously updated on information security concepts and tools. Companies have invested in education to raise awareness about the use of corporate resources such as e-mail, notebooks, desktops, smartphones, flash drives, and so forth.

A survey conducted by TechRepublic shows that one of the biggest threats in 2018 was the phishing attack: a fraudulent technique in which cybercriminals trick the user into revealing personal information, such as passwords, bank details, and personal data. They send fake e-mails to lure you into giving out personal information or to redirect you to fake websites, in an attempt to steal or hijack data.
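One of the signs described above, a link whose displayed text shows a trusted address while its real target points elsewhere, can be checked mechanically before a message reaches the user. The following is an added example, not code from the original article or from TechRepublic: it parses a constructed fake e-mail body (all domains in it are made up) and flags links whose target domain is untrusted, whose displayed URL differs from the real target, or which use plain http. The two-label `registered_domain` helper is an assumption standing in for a real public-suffix lookup.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the body of a fake e-mail of the kind the survey describes.
# The displayed text of the first link shows the "bank's" real address, but the
# href points somewhere else. All domains here are made up.
SAMPLE_EMAIL_HTML = """
<p>Your account will be suspended. Please confirm your details:</p>
<a href="http://secure-login.example-bank.tk/verify">https://www.example-bank.com/login</a>
<p>Or visit <a href="https://www.example-bank.com/help">our help page</a>.</p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a host name. Assumption: this stands in for a real
    public-suffix lookup, which a production filter would use instead."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def suspicious_links(html, trusted_domains):
    """Return the links in `html` that show classic phishing signs: an untrusted
    target domain, a displayed URL whose domain differs from the real target,
    or a plain-http target."""
    extractor = LinkExtractor()
    extractor.feed(html)
    findings = []
    for href, text in extractor.links:
        target = urlparse(href)
        host = target.hostname or ""
        reasons = []
        if registered_domain(host) not in trusted_domains:
            reasons.append("untrusted domain")
        if text.lower().startswith(("http://", "https://")):
            shown_host = urlparse(text).hostname or ""
            if registered_domain(shown_host) != registered_domain(host):
                reasons.append("displayed URL differs from real target")
        if target.scheme == "http":
            reasons.append("unencrypted http")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL_HTML, {"example-bank.com"}):
        print(finding["href"], "->", ", ".join(finding["reasons"]))
```

Run against the sample, only the first link is reported, with all three reasons; the second link points at the trusted domain over https and passes.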
The New York Times reports an attack on the American Pentagon:
Most of these attacks have been traced back to what professionals call "layer 8" (an informal extension of the seven-layer OSI model): human error, or the mismanagement of people and resources. One common scenario is a company with a great team of professionals but little budget to invest in information security. Or, if the company does have the equipment, it is often misconfigured. Entrepreneurs and executives don't realize the importance of having an IT department with the right resources available when a security incident occurs. The General Data Protection Act is believed to have triggered a cultural shift in how customers are managed and protected.
More details on the law at the link:
Let's take a look at some techniques, with explanations, that make the environment safer.
Hardening is the process of mapping threats, mitigating risk, and executing corrective actions. It focuses on infrastructure, with the primary purpose of making it more resilient to attack attempts. The process typically involves removing or disabling logins or user accounts that are no longer in use, as well as removing unnecessary services.
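The two hardening actions named above (disabling accounts that are no longer used and removing unnecessary services) can be turned into a repeatable audit. The following is an added example, not code from the original article: it works on constructed /etc/passwd-style records and last-login dates (no real host), and the approved-service baseline is an assumption an administrator would replace with their own. Accounts with a non-interactive shell are skipped, since they cannot log in anyway.

```python
from datetime import date, timedelta

# Constructed sample data (not taken from any real host):
# /etc/passwd-style records and the date each account last logged in.
PASSWD_LINES = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob (left company):/home/bob:/bin/bash
svc-backup:x:1003:1003:backup service:/var/backup:/bin/sh
""".splitlines()

LAST_LOGIN = {            # None means the account has never logged in
    "root": date(2019, 3, 1),
    "alice": date(2019, 3, 2),
    "bob": date(2018, 6, 15),
    "svc-backup": None,
}
AUDIT_DATE = date(2019, 3, 10)                                   # constructed "today"

ENABLED_SERVICES = ["sshd", "cron", "telnet", "rsh", "nginx"]   # constructed
APPROVED_SERVICES = {"sshd", "cron", "nginx"}                    # assumed baseline

NON_INTERACTIVE_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_passwd(lines):
    """Turn /etc/passwd lines into dicts with name, uid and login shell."""
    users = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:          # skip malformed records rather than guess
            continue
        users.append({"name": fields[0], "uid": int(fields[2]), "shell": fields[6]})
    return users


def stale_accounts(users, last_login, today, max_idle_days=90):
    """Accounts with an interactive shell that have not logged in within
    max_idle_days (or ever). These are candidates for disabling."""
    cutoff = today - timedelta(days=max_idle_days)
    stale = []
    for user in users:
        if user["shell"] in NON_INTERACTIVE_SHELLS:
            continue
        last = last_login.get(user["name"])
        if last is None or last < cutoff:
            stale.append(user["name"])
    return stale


def unapproved_services(enabled, approved):
    """Enabled services that are not on the approved baseline."""
    return sorted(set(enabled) - set(approved))


if __name__ == "__main__":
    users = parse_passwd(PASSWD_LINES)
    print("stale accounts    :", stale_accounts(users, LAST_LOGIN, AUDIT_DATE))
    print("unapproved services:", unapproved_services(ENABLED_SERVICES, APPROVED_SERVICES))
```

With the sample data the audit flags `bob` (no login for more than 90 days) and `svc-backup` (never logged in), and lists `rsh` and `telnet` as services outside the baseline; a real run would read `/etc/passwd`, `lastlog` and the init system's enabled-unit list instead of the constructed values.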
Fuzzing is a method of testing software that can be automated or semi-automated. It involves feeding random, invalid, and unexpected data into a program, which is then monitored and analyzed for failures such as crashes and other run-time errors. Fuzzing is a common technique for finding security vulnerabilities in software and computer systems.
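To show what "monitored and analyzed for errors" looks like in practice, here is an added example (not code from the original article) of a minimal mutation fuzzer. The `name:age` record format and both parsers are constructed for this illustration: the first parser has a defect that surfaces as an unexpected IndexError on input without a separator, while the second validates before touching any field. Exceptions the format documents (ValueError for malformed input) are treated as expected; anything else is recorded as a finding together with the input that triggered it.

```python
import random
import re


def parse_record_buggy(data):
    """Parse a constructed toy record, b"name:age".
    Malformed input is supposed to raise ValueError, but the parser has a
    defect: a record without ':' fails with IndexError instead."""
    text = data.decode("latin-1")          # latin-1 never fails, so decoding cannot mask bugs
    fields = text.split(":")
    name, age = fields[0], fields[1]       # IndexError when the separator is missing
    if not name:
        raise ValueError("empty name")
    return name, int(age)                  # ValueError for a non-numeric age is documented


def parse_record_fixed(data):
    """Same format, with the input validated before any field is used."""
    text = data.decode("latin-1")
    name, sep, age = text.partition(":")
    if not sep or not name or not re.fullmatch(r"[0-9]+", age):
        raise ValueError("malformed record")
    return name, int(age)


def mutate(seed, rng):
    """Apply one random byte-level mutation: bit flip, delete, insert or truncate."""
    buf = bytearray(seed)
    choice = rng.randrange(4)
    if choice == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:
        del buf[rng.randrange(len(buf))]
    elif choice == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    else:
        buf = buf[: rng.randrange(len(buf) + 1)]
    return bytes(buf)


def fuzz(parser, seeds, iterations=2000, rng_seed=1234, expected=(ValueError,)):
    """Feed mutated inputs to `parser`. Return {exception name: first input that
    caused it} for every exception type that is not in `expected`."""
    rng = random.Random(rng_seed)          # fixed seed so a run is reproducible
    crashes = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            parser(case)
        except expected:
            continue
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, case)
    return crashes


if __name__ == "__main__":
    seeds = [b"alice:30", b"bob:7"]
    print("buggy parser:", fuzz(parse_record_buggy, seeds))
    print("fixed parser:", fuzz(parse_record_fixed, seeds))
```

The buggy parser is caught within the first few hundred iterations because deleting or overwriting the single `:` byte, or truncating the record, is a likely mutation; the fixed parser produces no unexpected exception type for the same inputs. Real fuzzers (AFL, libFuzzer) add coverage feedback and far better mutation strategies, but the loop is the same: mutate, run, classify the outcome.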
Vulnerability analysis: the systematic identification and elimination of system vulnerabilities. The process has three stages: detecting, removing, and controlling these vulnerabilities. All three should be carried out by professionals who are familiar with the platform's native security tools, which makes identifying vulnerabilities easier.
Pentest: also known as penetration testing, its scope is broader than that of a vulnerability test. A vulnerability test can be as simple as running software that lists open ports, whereas a penetration test simulates an attempted intrusion into the environment, usually conducted from an Internet host trying to reach an internal device. There are many ways to perform a vulnerability test; the method depends on the area you wish to explore. The most common categories are:
Port scanning
Vulnerability scanning
Protocol analysis
Password cracking
Network mapping
Site survey
Tests using OVAL (Open Vulnerability and Assessment Language)
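The text says a vulnerability test "can be as simple as running software that lists open ports". As an added example (not code from the original article), the block below performs that simplest check as a defender's exposure audit of the local host: it tries a TCP connection to each candidate port on 127.0.0.1 and reports any open port that is not on an approved baseline. The baseline and the throwaway listener used to exercise the check are assumptions for the demonstration.

```python
import socket

# Assumption: the audit runs on the host being checked, against 127.0.0.1,
# and the approved baseline is maintained by the administrator.
APPROVED_PORTS = {22, 443}


def open_tcp_ports(host, ports, timeout=0.2):
    """Return the subset of `ports` that accept a TCP connection on `host`."""
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            if sock.connect_ex((host, port)) == 0:   # 0 means the handshake succeeded
                found.append(port)
    return found


def unexpected_ports(open_ports, approved):
    """Open ports that are not in the approved baseline."""
    return sorted(p for p in open_ports if p not in approved)


def start_listener(host="127.0.0.1"):
    """Open a throwaway listening socket on a free port so the check can be
    exercised without touching any real service. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, demo_port = start_listener()
    try:
        candidates = sorted(APPROVED_PORTS | {demo_port})
        opened = open_tcp_ports("127.0.0.1", candidates)
        print("open      :", opened)
        print("unexpected:", unexpected_ports(opened, APPROVED_PORTS))
    finally:
        srv.close()
```

The demo listener shows up as open and, not being in the baseline, as unexpected. A connect check only proves that something accepts connections; it says nothing about which software or version is behind the port, which is where the vulnerability scanners listed above take over.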
It is important to follow the best practices recommended by the equipment manufacturers. This reduces vulnerability