Reading this article today, there were two aspects that stood out, the first being the fact that phishing attacks have increased by so much.
Once conclusion from this is that it works, and this is seemingly backed up by the second fact that when simulated test attacks have been run, one third of Fortune 500 Executives targeted would happily fall for the phishing bait.
Phishing is especially effective against users with high privilege since when a browser exploits is used, the users rights can be leveraged to effectively takeover the workstation.
The response needed is a range of measures: Better education of all users within an organization to be aware of the phishing threat and the many forms it can take, but also the need to harden all systems against attack, including the need to ensure users are only ever afforded the lowest level of privilege required. And of course, file integrity monitoring to detect the signs of a breach.