Ironically, all of this is preventable by locking down the facility at the point of installing telephone systems. Manufacturers create the facility for firms to permit their own staff to access the system and call on the host phone bill legitimately. Few organisations need this option but slack installers often pay little regard to crime prevention and forget to lock it. Even if an organisation requires the function it can be limited to a white list of caller IDs.
Of course it could be helped if the manufacturer made the default setting to disallow the service. Telephony networks could also assist by setting billing alarm thresholds when there are spikes in outbound traffic. One SIP trunk provider has recently launched such a benefit to it's customer due to an increase in this type of occurrence on telephone systems using VoIP.
Users can also use call management software in-house to flag peaks but often don't act until it is too late.