The US Government is far away from getting its act together regarding network security. Some branches of government have been making some choices regarding battening down the hatches, but the general consensus is that federal agencies have no clue as to how to stop computer security threats.
Now, from the same GAO report that found agencies woefully unprepared, we find that a lot of government workers are falling victim to phishing exploits. Furthermore, a big part of the solution needs to revolve around reporting threats internally, and government workers fail in that regard as well.
If I was still getting beaten up by Nigerian 419 scams, I’d be too embarrassed to report it too!