Usually this happens because there is a complicit systems adminstrator.
Again, human behavior is probably the enabler. Not some kind of wizardry.
Disgruntled,blackmailed,greedy, or ideologically asinine employee or contractor could pop in a USB stick in a moment.
It is amazing how many companies management has no idea of the vulnerabilities of the systems which are vital to the company.
I worked with a asian guy who was a system admin who left to work for Sony here in the Los Angeles area.... hmmm
Never did ask him if supported the south or the north : )