Absolutely. It's just that highly motivated, targeted, and sophisticated social engineering is really tough to totally prevent. It just takes one person to fall for it, and the attackers can keep cycling through people (quickly, to get ahead of company-wide warnings about the social engineering attempts) until they succeed.
Any successful attack vector can be turned into a training scenario and repeated until better responses are trained into the target group.
Military casualty drills are very effective at instilling near instinctive responses... same principle applies.