I would hope that someone either at Sony or at another computer security incident-response team (CSIRT) that worked on this incident would be able to present a technical case study at an event like a FIRST "TC" so that others can understand and prepare for similar attacks.
But we can't stop there. It's one thing for the incident responders to understand new attacks and tools, assuming that's what was actually used against Sony, but it's also vital that that information works its way upstream, all the way to the people who develop our software.
I can vouch for the difficulty encountered in trying to get information like that all the way back to software developers. Indeed, I've spent the greater part of the last decade doing exactly that in my consulting practice.
But if we have any hope of getting to a point where a company like Sony can with confidence summon the backbone to say "hell no" to a cyberbully -- or cyberterrorist -- we simply have to more effectively learn from our mistakes and share that knowledge with all the key stakeholders in the security of our systems. That set of stakeholders extends far beyond the confines of the traditional IT security department.
So, to you fellow incident responders out there, I say this: Find ways of spreading the knowledge you've amassed through dealing with incidents, and make sure that knowledge can be consumed by software developers, testers, system architects, business owners, and the entire cast of characters that have a stake in our business systems. We'll never succeed by simply putting out today's fires without taking the time to systemically improve our practices.