[logn]

I'm sure this will be the argument in Congress for 2015.

I think these attacks could be reduced by holding companies financially responsible. First, insurers shouldn't be allowed to exclude terrorist attacks in their policies. Second, forcing arbitration or excluding class-action should be unenforceable in a contract. Third, we could establish clearer standards for what constitutes negligence in IT.

edit: And this might be a good time to discuss making software engineers actual licensed professionals and forcing companies to use them.

[zaroth]

It's hard to grapple with, but our systems--our entire network infrastructure--is simply not designed to withstand these types of attacks. It's very safe to assume that you literally cannot protect yourself from this kind of network intrusion. I know it's fun to rail on Sony, and surely they didn't make the hackers job particularly difficult, but victim blaming isn't useful.

I think it's likely that fallout cost from this breach will cost Sony hundreds of millions of dollars. It's almost an existential crisis the amount of damage this hack has done. The information disclosure was complete. The hackers took a scorched-earth policy on the way out. They got hit mind-blowingly hard. I do have sympathy with the house of pain they are in, and I don't think they need any more financial incentive than what they are already looking square in the face.

I don't think the story here is about negligence in IT. Even Google has been hacked very badly in its time. There are two kinds of companies, the ones who have been publicly hacked, and the ones that just haven't discovered it yet.

The real story here is we are seeing an escalation in cyber-warfare. This is not "hacking" in any sense. This is extortion, humiliation, and subjugation. It's very sad to watch.