The most common cause of Joomla exploits is due to vulnerable extensions. To help its users stay on top of risks from vulnerable plugins, Joomla maintains a list of known plugin vulnerabilities.
You should also keep Joomla itself updated. Similar to its known plugin vulnerabilities, Joomla lists security issues within the Joomla core.
For additional protection, you might consider using CloudFlare's Web Application Firewall (WAF), which can provide some defense against malicious requests attempting to exploit vulnerabilities. CloudFlare also provides brute force protection.