This is why you need some way of identifying data leakage, like CybelAngel (yes, shameless plug), and to look after employees that have access to sensitive information. This is all complicated by outsourcing as the employee might not be under your direct control…:
Researchers who operate undercover in the Dark Web are noticing an increase in activity among rogue employees selling access and stolen data from their organizations — mainly financial and telecommunications companies — for profit.
Charity Wright, cyber threat intelligence analyst and researcher at IntSights, says the rogue employee, often working via underground brokers, is a growing phenomenon in the Dark Web. Researchers have observed sellers, especially in Russian language-speaking forums, openly discussing how they offer services where they steal and sell information from their employers.
The researchers spotted a pair of telecommunications employees selling text message logs and geolocation information from phone SIM cards, for example. “There’s huge potential for damage if they use it to target VIPs or government employees,” for instance, Wright notes. “These services are relatively cheap, and all you have to do is provide them a phone number and they can give you everything they have on it.”
Rogue financial firm employees typically get paid more: Brokers offer 10 times more money for information supplied by bank insiders. “Because they have the keys to the kingdom … with customer bank information they have access to, and deals that are being closed, for insider trading,” she says.