It is not the first time I am talking about Zero Trust here. And often it is absolutely clear to the customers that the next perimeter is the identity and not necessarily the network to the same extent anymore.
Read this article: More Than 99% of Cyberattacks Need Victims’ Help – the network protection will most probably not protect you against such attacks. What you will need is a clear strategy around your identities and in addition across the whole kill chain. You need an enforcement point, which does constant, flexible, risk-based authentication before you get access to the asset. The risk score needs to base on the whole defense in depth toolset and integrate the signals from there into the risk – dynamically.
This should help the risk to raise in case you clicked and “helped” the attacker.