> online services have cutting edge security with no known exploits, yet you have millions of people attempting daily and developing brand new methods for getting in
Reality is the reverse. Plenty of online services with big-security holes, but no one really probes things that hard.
My personal site sees little to no real user traffic, but gets hundreds to thousands of hits monthly from bots looking for various known vulnerabilities in older versions of WordPress, PHP, etc.
Plenty of people are probing the AmaGoogAppSoft services daily and they seem to be pretty robust. Some random SaaS yeah who knows but the big boys seem to know what they are doing in this space.
I would expect the headquarters building of a fortune 500 company to also have a non-trivial level of security, so in that regard I'm not convinced the internet has changed much.
The average home is probably more analogous to a consumer router—and the security story there is not exactly great.
I mean, it does require relatively rare technical skill among the general populace, so you need to incentivize it in some way. That is nowhere near a sufficient argument to prove it's difficult in the sense of it being a rare event. Lots and lots of rewards are given out, which means there are lots and lots of open holes in any given moment.
Reality is the reverse. Plenty of online services with big-security holes, but no one really probes things that hard.