You'll never be able to prevent an attack or intrusion from someone that's dedicated. You can use tools like anti-virus, ad blockers, and malware scanners to prevent attempted attacks and intrusions from attackers looking for an easy victim. The people with the skill set to backdoor a cyber security firm would stomp over general public. Like an Equifax breach. This applies to all aspects of life.
Not quite, the Equifax breach is actually somewhat worse in the fact that they left themselves open to an attack. Not only that, but I believe that while they did have encrypted files, they had the keys to undo the encryption very close by, if not in the same area.
Also bare in mind that there is this push in a lot of governments to start mandated back doors in OSs and software.
There is a decent part of the cyber adept that audit software for security flaws. Most of the time, the company acknowledges the issue and releases a timely update. Some times they don't, like when Google outed an Windows 8.1 flaw that Microsoft took too long to fix. As long as you use a reputable software, you'll be fine.... that is until it's not fine, but it'd probably be too late.
MS has been pushing Win 10 now, this is just a passive aggressive way to get people to move forward.
Again, if people get their way with mandated back doors, all this is for naught.
For the last 8 years I have run my personal and business computers without any anti virus except for the windows defender that is built into Windows. I also run a Malwarebytes scan once a week. I have not had a virus once in that time. 3rd party anti virus is a scam and it slows down your computer. Just don't click on suspect links and learn what a phishing email looks like and you are already going to be safe most of the time.
Be very aware that not every bit of malicious code is designed to be obvious, some are very low key and may not even know that they are running.
Here is the thing too, attackers now aren't going to so much for the computer as much as the network itself. So even if your computer is protected, everything else along your network may not be and that's where they will get you. From there, they can direct your traffic how they like and you may never know.