The Human Touch: How hiring more Anthropologists could improve your organisational culture

  • Author Lianne Potter, ASDA

  • 10.03.2023

Cybercriminals are using what makes us human against us. They are already acting like anthropologists, psychologists and behavioural scientists, and we should be too. Or at the very least, hiring them!

By 2025 it is estimated $10.5 Trillion will be lost to cybercriminals. This is one of the biggest transfers of wealth in history. Hacking humans, it seems, is a very lucrative business.

The security industry is always striving to be ‘one step ahead’ of the criminals in terms of technical capabilities, but in doing so we can sometimes neglect the very human nature of hacking. One way to address this is to look to alternative candidates in the job market…I think the cybersecurity industry needs to hire more anthropologists.

And why do they?

Cybercriminals are using what makes us human against us. They are already acting like anthropologists, psychologists and behavioural scientists, and we should be too. Or at the very least, hiring them!

What is anthropology?

When I tell people I’m an anthropologist, they ask: Is that something to do with bones? Or Is it a bit like Jurassic Park?

Letting people down gently, I tell them, no, anthropology isn’t either of those things.

The ‘anthro’ of anthropology, means ‘human’.

Anthropology, therefore, is the study of what makes us human. I study the different aspects of the human experience and how cultures are born, grown and developed and thrive or even collapse. My specific interest, and how I got my start in tech, is digital anthropology, which is the study of how we engage with each other online, through digital communities.

A place where we increasingly spend most of our time and, particularly since covid, where we receive a good proportion of our social interaction, either through video calls, or via social media or messaging apps.

So for anthropologists, and the other social sciences, Covid afforded us a really unique opportunity to understand what the world looks like when a large proportion moves to mostly online.

As anthropologists we have been watching with interest what this change means for workplace culture. While many organisations are talking a good game about embedding a ‘strong culture’ at their workplace, do they know what it really means?

What is culture?

Culture is shared.
Culture is learned.
Culture is adaptive.
Culture is rooted in symbolic meaning.
Culture arises out of our need for meaning, our desire to build for social forms, culture is about behaviours which are learned from those around us.

While the tech might have changed, and the way we use the office, and the way we work together has changed, what remains constant is that human connection, regardless if we share the same liminal space. .

When it comes to cybersecurity, the threat landscape is ever changing. Constant new threats and new approaches to tackle those threats, means we have to cling to that human constant. So if you want a new approach to security culture that works for your organisation to help you face new threats, then you need to start thinking if you want your talent pool to just come from the ‘usual suspects’ of computer science or information security degrees, or the same set of certificates. You might do well to consider hiring from the humanities.

The clue is in the name, humanities.

Because at the end of the day when you follow the cables, our colleagues and our customers are all people, and that’s who we’re protecting.

And that should be our priority. But that doesn’t mean your role as human-centred security practitioner is that of saviour or hero.

You need help, you need a tribe-mentality to help you.

Culture is intrinsically interesting to humans because our evolution has required it.

Without it, we don’t survive so our brains seek out these connections, forge these relationships, build a community.

Security is everyone’s responsibility – Is it?

There is a common line that appears on a lot of policies and security training in organisations around the world:

Security is everyone’s responsibility.

Is it? 

It’s hard enough for me, a security practitioner, to keep track of the latest CVE’s – should I expect my non-security colleagues to keep on top of them too? I think not. 

But what is everyone’s responsibility is culture. 

Luckily, security can be embedded into that even if it isn’t very obvious at first. 

We as security practitioners need to do better to create a culture that enables all of us to build up our resilience against these cyber threats. We must cater for a wide breadth of expertise, capabilities, experiences, cultural norms, along with equalities and disparities that frame these individuals.

Think to yourself ‘what decisions can I make to ensure we are building an anthro-centric security culture? Imagine what other perspectives a cyber anthropologist, a psychologist or a behavioural science background in your next security hire would bring!  

So next time when you’re looking for your next hire, or deciding where to spend your security budget remember that 95% of cybersecurity breaches are caused by human error. 

Why should the cybersecurity industry hire more anthropologists? 

Because when you follow the cables, behind every piece of tech is a person, consumer, creator, and even hacker, and we should never lose sight of this.

Follow Lianne for more insights on Cyber Security, Anthropology, and everything inbetween!

All events

All sponsors