You can't secure a network against human stupidity. IT most likely has no fault. People will open every attachment they get sent, especially on their work emails and if the emails look work related(a complaint, an order, etc.).