McConnell Dowell’s High-Value Digital Transformation

Headquartered in Australia, McConnell Dowell is a leading engineering, construction, building and maintenance contractor serving key sectors ranging from energy, power, and transport to social and public infrastructure. Its employees partner closely with customers from 23 locations throughout Australia, New Zealand, Asia and the Pacific Islands.

Like many companies, McConnell Dowell increasingly relies on technology to underpin and transform many aspects of its business, which means cybersecurity is a central concern. A key challenge: building cyber resilience and enabling digital transformation with a lean IT organization that doesn’t include a dedicated team of security specialists.  

“Nobody in IT has the word ‘security’ in their title,” says Heinrich Kukkuk, McConnell Dowell’s CIO. “Security is part of a lot of people’s remits. So, we need solutions that require less administration and maintenance.”

To help solve the challenge, McConnell Dowell transitioned to an integrated, cloud-centric security ecosystem based on technology from Mimecast and other key suppliers. That strategy has helped the company increase its cyber resilience while freeing the IT organization to devote more time to key business initiatives. “These integrated solutions provide a really robust, agile, and adaptive security defense without investing a lot of time. That gives us a massive opportunity to spend more time on value-added activities,” Kukkuk says.

Addressing a Major Pain Point: Archiving

McConnell Dowell first worked with Mimecast to solve a key problem inherent to the construction industry: the need for rapid e-discovery in a litigious business environment. “We spent far too much time on tasks like e-discovery,” Kukkuk says. “With archives stored in Lotus Notes and other sources, e-discovery often took weeks, even months. People were tied up in very low value activities. So, along with moving to the Microsoft 365 cloud productivity solution, we ingested all our Notes databases and content into Mimecast Enterprise Information Archive.

“It took effort, but we can now perform e-discovery in minutes or hours. Having that reliable record can save us millions of dollars. Moreover, it lets us reassign IT staff to more value-added activities.”

Addressing the #1 Threat Vector: Email

Through this success, McConnell Dowell built a trusted relationship with Mimecast that contributed to its decision to deploy Mimecast’s secure email gateway worldwide. “Email is our highest threat vector,” says Kukkuk. “We saw an opportunity to reduce both the number of threats coming into the business, and the burden of administration. Immediately, we also saw a 50% reduction in the volume of email making its way into our network – leading to savings on costly network links to project sites.”

Refreshing Security Infrastructure

Recognizing the ever-growing importance of cybersecurity, McConnell Dowell’s IT organization set out to refresh its entire security infrastructure and architecture, with an increased focus on cloud-based security products. “First, we took stock of our existing tools, and performed a gap analysis, including penetration testing, to determine where we needed to go. We wanted to establish solid foundations and begin embedding next-generation capabilities,” Kukkuk said.

As part of its new strategy, the firm deployed intelligent firewalls to predict more attacks; always-on VPNs to facilitate remote work; and CrowdStrike’s AI-based endpoint protection. It also extended the use of SIEM tools across the business. Afterwards, another round of penetration testing showed greatly improved resistance to attacks.

McConnell Dowell also decided to rely on a few strategic security providers, including Mimecast—and that, too, is paying dividends. Says Kukkuk, “Now we can spend more time with them, gain deeper insights into the security landscape throughout and beyond our industry, use more of their solutions, and get a higher return on our investments.”

Moving the Needle on End-User Behavior

With new technology and strategic relationships in place, Kukkuk’s team focused on what’s often the weakest link in security: people. That involved revisiting security policies, improving onboarding—and, especially, strengthening end-user awareness.

“We’d had cybersecurity awareness training before, but it was just a few animations, boring PowerPoints, and pages of questions. People gamed the system without absorbing the material. Behaviors didn’t change,” Kukkuk said.  

“Then, we discovered Mimecast Awareness Training, and suddenly, training wasn’t just about fear: it was about fear and reward. Fear that you wouldn’t want to end up in the situation of the characters in Mimecast’s humorous videos. But also reward, because the videos really are funny. Now people ask us: ‘when’s the next episode coming? I can’t wait!’ It doesn’t even need to be mandatory anymore, and despite that, we get very high participation. People even watch with their families.”

Behind the scenes, Mimecast’s awareness training technology also provides insight into which employees need more attention, so organizations can target the highest-risk individuals for additional education—an important benefit for a lean IT team. Most important, Kukkuk is seeing behavior improvements that never occurred with previous training.

Freeing IT for Higher-Value Activities

McConnell Dowell’s new infrastructure paid off instantly when COVID-19 arrived, and the entire company transitioned to working at home almost overnight. “With the solutions we’d put in place, we didn’t have to scramble for resources, distract employees, or reduce productivity. In fact, we saw that many people working at home were focusing better, and coming up with more innovative ideas. Our efforts related to COVID-19 are even catalyzing digital transformation in other areas,” Kukkuk says.

All along, Kukkuk’s team has focused on growing business value—and it’s now well along on that journey. “With our core infrastructure and architecture refreshed, workflows migrated into private and public cloud, and robust and secure communications and collaboration platforms deployed, we no longer need to look backwards. We’re ready to leverage next-generation solutions such as analytics.”

“We knew you couldn’t have a conversation around digital transformation until you gained trust on the fundamentals. So we first made sure we were a strong service provider to the business. Then we became a technology advisor. Now we are a business enabler. And over time we will increasingly become a strategic asset.”

The Bottom Line

For leading construction services firm McConnell Dowell, the transition to a next-generation security architecture with a focus on cloud-based services is helping to drive business value. Key to the transformation: a relationship with Mimecast, including email security and awareness training, that helps build cyber resilience and allows a lean IT team to refocus on high-value, strategic activities.

Learn more about McConnell Dowell’s strategy in the Mimecast Cyber Resilience Summit session McConnell Dowell's cyber resilience journey, available on demand online.