Andrew Walls, a security analyst with Gartner, says the critical balance in all of this is ensuring that your IT people have the needed powers to get their jobs done while also setting limits to their overall control over the systems.

"Many organizations have this idea that IT is this arcane world and that the wizards who reside there have to always be trusted," Walls says. "That idea went away a long time ago. The same rules that govern the rest of your company's staff have to apply to your IT staff."

In the recent Shionogi case, Walls says it is ironic that the former IT worker used licensed IT tools to cause the harm from within the company. That could have been avoided if his network access had been removed immediately, within 20 minutes of his departure from the company, Walls says. "In no uncertain terms, if you terminate a person from their employment, their access must disappear immediately, not in five or 20 hours. In many organizations, they actually start removing access privileges before the person is even gone. That's what enabled this whole attack."

In the Shionogi case, Cornish had resigned after an ongoing dispute, but the company hired him back as a contractor so he could finish a project for them, according to IDGNS. That might have been a fatal mistake, Walls says.

"I worry about an organization that says 'we don't like what this guy is doing so we're going to turn him into a contractor and then allow him to keep access,'" Walls says. "If someone can't be trusted, they shouldn't have access to your environment. What happened here to enable this to go on was that their user provisioning lifecycle was not handled well. If your system is so complicated that you cannot replace one member of your team quickly, then you have a bigger problem."