You need to create a baseline audit on all your hardware and software devices on and off the network, IOT. Dedicate resources to perform security hardening, software and hardware. Use NIST, STIGS, FIPS, CC. Use the right security tools for pen testing, vulnerability & mitigation management assessments & techniques. Have a common sense guide to mitigating insider threats. Provide training and access to research and educate your security staff and accountability teams. Create accountability teams consisting of HR, security, audit, legal, Sr Management and selected trusted employees. Security policy and procedures for business alliances and third party vendors, U.S. and International.