There are some data breaches that are absolutely preventable. Some hacker finds their way into some system not configured correctly by some sysadmin. Obviously, I don't know the answers to these questions:
- Did Samsung hire external expertise to assess its practices?
- Were security experts brought in to do penetration testing on their systems?
- Are sensitive areas firewalled off properly?
- Do Samsung employees receive training in phishing emails and good security practices?
- Are multiple authentication methods in place for Samsung employees logging into corporate systems?
- Do Samsung systems get patched regularly?
- Are Samsung systems hardened properly, according to industry best practices?
- Do Samsung systems undergo periodic review?
- Does Samsung follow industry best practices?
- Does Samsung have systems and processes in place to monitor the network?
While we may never get the answer on how this leak was accomplished, some leaks, like the infamous RSA leak, were brought about by one employee clicking on something when they should have known better.