Your sensitive data must be only accessed by users that have a legitimate business function or reason to deal with it. Keep privileged users with extended access rights to data under close monitoring.
With data governance solutions you can detect any changes in access rights, follow the business activity and data, remove access right privilege, and improve data threat.
For a good protection of your critical resources, it seems obvious that a good access control and a review of rights will reduce the surface of exposure to risk and will limit the damage caused by attacks.
Monitor all access attempts to sensitive data, files, and folders to check for external attackers or malicious internal users trying to get their hands on your sensitive data.