Time. Speaking from personal experience all you need is time and will, Russian, Chinese etc. hackers have plenty of both. The digital world is a complicated place and there are a lot of potential exploits – the whitehat has to cover them all, whereas the blackhat only needs to find one. But honestly most hacks are not actually that difficult, people just leave doors open either out of laziness or ignorance. I can’t even count the times I have been at major companies and I asked “Are you really doing this? You know it can be exploited by a semi intelligent teenager.” Yet it didn’t change. They always close the barn door after the horse gets out.