Automation: Not Really a Blessing for Cybersecurity Automation and machine learning are among the most annoying buzzwords these days simply because of the frequency with which they are used. The concepts and processes behind them, however, do have their merits and these are numerous. However, in a cybersecurity context, automation may not be all that it’s cracked up to be, writes Chris McDaniels for SC Magazine. Automation in cybersecurity, McDaniels explains, is simply a way of helping cybersecurity providers predict future attacks based on data about past attacks. However, “simply” is anything but simple. Unlike other industries where the predictive function of machine learning worked just fine (TV show suggestions based on your viewing history), this is not the case with cybersecurity since cyberattackers evolve so quickly, finding new ways to attack systems. There is one way automation can be used to improve cybersecurity and that involves a broader approach. This approach includes algorithms actually analyzing past breaches and collecting information from a variety of sources to be prepared to detect future attacks. However, even this is not very viable right now: every organization has unique vulnerabilities and risks, so there cannot be a universal, affordable approach of the one-size-fits-all variety. Most importantly, right now no artificial “intelligence” can beat the human brain. Humans are the once who carry out the attacks, whatever technology they use in the process. Or, as ERPScan founder Alexander Polyakov wrote in a story for Forbes recently, “There will always be a person who tries to find issues in our systems and bypass them. Therefore, if we detect 90% [of] attacks today, new methods will be invented tomorrow.”