Unfortunately this is due to the fact that phishing and social engineering have become the easiest way for people to breach company and personal IT security assets and/or cause damage from a distance.
Users tend to overlook basic security concerns in the favor of “getting the job done”. This can be due to many factors such as lack of training or lack of concern. Unfortunately without a strong support for security practices from the senior levels of management with a re-enforcement from mid level management. Adherence to security policies which are given during training received by all employees there is no other true combat for phishing schemes and social engineering attacks.
Unfortunately even with the most advanced technical security controls on your machines, your security is still vulnerable to users who are not fully educated in social engineering and how to identify phishing messages.