A nice summary of security best practices in response to breach activity last year - not much new...
Writing on Pro-Security Zone, Michael Aminzade, VP Global Compliance & Risk Services at Trustwave, summarizes lessons learned in 2014.
Device hardening is key - adopt CIS Security Benchmarks for an off-the-shelf hardened build standard.
Similarly, make sure that security best practices are being operated by any 3rd Party IT Service Providers - breach origin has frequently been traced back to 3rd party credentials/access being exploited.
Test security regularly, ideally continuously. Vulnerability Scanning and Penetration Testing are both highly effective for assessing cyber security defenses, but in fluid IT environments with lots of changes, security must be assessed continuously with an emphasis on breach detection. NNT's Closed-Loop Intelligent Change Control is the only way to maintain complete visibility of changes and spot malware when it strikes.
You cant always stop the breach, so make sure you are also geared to spot the breach when it does happen.