In order to spend the money stored at a bitcoin address you must know the private key. The private key is a random number between 1 and 115792089237316195423570985008687907852837564279074904382
605163141518161494337, often represented in hexadecimal format. That is a very large number, 78 digits long, roughly equal to the number of atoms in the universe! Using the most powerful computer known to exist, it would take hundreds of millions of years (if not billions) to guess a randomly generated private key.
However, there are two scenarios which mean a thief would not need to guess your private key. If they can get physical access to it, or it was not randomly generated.
If your private key was written down, perhaps using a paper wallet, and someone was able to either steal or copy it, they would be able to spend the bitcoins at that address. More commonly, thieves access private keys that are stored insecurely on computers connected to the internet. Alternatively, a thief may attempt to trick you into disclosing your private key, perhaps through a phishing website or email.
If the private key was not randomly generated then the pool of possible private keys may be small enough to brute force. If you decide to generate a private key yourself, perhaps as a brain wallet, it is important not to use any common phrases. There are many bad actors monitoring millions of addresses derived from private keys generated by common phrases and song lyrics etc.
You should also make sure you trust any software you use to generate your private keys, only using open source software and downloading from official sources.