Re: over and over and over
"Surely if they're even hire-able in the first place they can tell departmental business from garbage."
If, as the article suggests, they're highly placed government workers, they will be expected to be up to speed with goings-on in local and foreign politics, what the press are saying, and the output of numerous external analysts and think tanks. If you routinely receive unsolicited external emails with work-related attachments then you're going to be vulnerable to clicking on something that looks credible, but has a payload. You could have a rule that bans opening attachments (or even have the mail server delete them automatically), but it then creates a very embarrassing problem when the head honcho screams "why wasn't I aware of X?", and the answer is "because the IT people deleted the documents which would have told us about X".
You'd have thought that any competent IT department would be able to strip out commodity-grade malware, but dealing with a state-sponsored hacking team, there's every chance that they could be using zero-day exploits against which your defences are weak. Defending against state-sponsored hacking is always going to be very difficult.