If you read the security breach reports, you will see that the vast majority of successful security breaches are not especially technically sophisticated. However, it is certainly the case that one of the greatest concerns for businesses today is the increase in advanced persistent threats to the business. Usually, the skill level of these attackers is much higher than the norm, so is a worry. Automated threats can turn the search for vulnerabilities into an attack on an industrial scale.
The starting point is to take a common sense approach by looking at the basic setup of servers and all software installed therein to ensure all the programmes are properly configured. You would be amazed at how many people fail to address the simple things first, whiether through ignorance, laziness or lack of motivation, the result is the same. Default configurations are designed to ensure maximum ease of setup. This usually is achieved at the expense of proper security and privacy, so is an obvious point to start at. Tight access control is a must, as is the simple expedient of actually checking the server logs to identify what types of threats are coming in, where they are coming from, and identifying any simple procedures that can stop them in their tracks.
You could use multi-step authentication to make it much more difficult to get in to the system. You can ensure you set up databases and similar programmes to filter out undesirable inputs to prevent injection attacks. Preventing root login is a simple cure to many potential issues. There are a huge number of simple things you can do to help. Above all, vigilance is the key here. If you don't understand what the attackers are doing, and they get in, the first thing they will do is to delete the server logs to prevent you finding out about them.
Above all, don't forget that the business architecture of a company is represented by a combination of people, process and technology. You cannot focus on a technological solution alone. People are generally the weakest link, and even with good training, often lapse when it comes to good security practices.
I have attached a list of some relevant research and security breach reports you could usefully examine. I hope that helps you.