Why the Sony Hack Worked

The Sony hack worked.  It did the job it was intended to do.  It coerced a major corporation and its corporate partners into changing their behavior.  


It's a good example of a type of attack we are going to see much more of.


However, it's important to understand why it worked so well.  It wasn't due to:



its sophistication,
the damage it did to Sony's critical systems, or
the amount of money it stole.

It was effective because it went after employees and business partners as individuals.  


It was effective because it pierced the corporate veil by personally attacking every employee at Sony (and some of their business partners).


[Image: NK Supreme Leader in Drag]


The corporate veil is a fictive barrier that protects employees, as individuals, from what they do as employees for the corporations they work for.  While the veil is primarily used as a legal term (when determining liability for example), it's also useful in thinking about what happens when corporations go to war.  


How to Pierce the Corporate Veil


Gather Information:  The hack didn't just pierce the veil selectively (as it could have by spear phishing), it shattered it by gobbling up personal details on every employee.  This data included everything from:



Financial and benefit accounts - to -
E-mails depicting conversational exchanges - to -
Health information and other details from personnel files.

Amplify the information:  In this hack, they released the data selectively and slowly, in the very same way Snowden released the NSA's data.


Slow is better, because it keeps the attack in the press.  Naturally, the "viral press" (from Gawker to Huffington Post to Business Insider) pounced on it like red meat.  


Within days, there were dozens of stringers at these orgs spending their days and nights sifting through the Sony files to find juicy headlines to publish.


Use the Hack as a Moral attack on the Company:  


The first moral-level attack was aimed at Sony's senior management, separating them from their business partners (producers and talent).  It worked.


The second attack was aimed at shattering the moral cohesion of the company by separating management from employees.  The company did quite a bit of this to itself by mishandling the entire situation -- it kept its employees in the dark while their personal data was in the wind.


At the employee level, it was a mess.  Here are a couple of examples:


“My bank account was hacked [on the day of the first attack,]” said our source who works at SPE offices in Los Angeles. “At first we just thought it was total coincidence.”

-or-


I was completely irate. Once it got personal, it was just, are you kidding me? Seeing the faces of colleagues with families—they’re worried about their life savings, their retirement funds, their kids.


What was the effect of this attack on employees?  It shattered the moral cohesion of Sony as a company.  The proof of this is that Sony is now facing not one, but three class-action lawsuits from its own employees.

Published on December 22, 2014 14:54


John Robb's Blog
