Thats true its a big threat.
But what can you do about it? A client connects to a webserver, read a page containing a command and executes it. Then it request a (nonexistent) page containing the answer.
That's 1 way of doing it. There are something like 10 ways that I know, some are really hard to track (combining Artificial Intelligence and a lot of imagination..)
Well first you should be sure that nobody manages to get in your network. I know its a stupid answer
but still.. the core problem is here. If you ask yourself this question in your post then it means that you believe that your network is already very secure.
If you are scared by an internal user installing this, you can block traffic by time (after 8 in the evening, no more traffic). Its easy to implement but does not solve all.
How can you caracterize a reverse backdoor.. thats the question and the answer is not easy.
A few studies exist in this way, search for this:
moltunnel
tcpstatflow
NetEntropy
Its used to detect tunnels
The thing is that these tools can be fooled. But then you are fighting against skilled crackers. You can't do anything against somebody who is very skilled and determined... face it.