CIO100 2018 #31-100: James Dickinson, BDO New Zealand

“At the core of the relationship between an accountant and a business is – trust. Trust that you’ll be given correct accounts, the right advice and that your most closely held financial and organisational data will be given all due care and responsibility,” says James Dickinson, CIO of BDO New Zealand.

It is this backdrop that BDO New Zealand embarked on an ambitious programme of enhancing its cyber defences and controls, says Dickinson.

Before this, he presented to the board a comprehensive cyber posture assessment of the organisation, and emphasised the need for an independent review of the BDO cyber position.

The cyber strategy plan was delivered and its components included the

implementation of enterprise Privileged Account Management via CyberArk and RDM; implementation of enterprise wide AlienVault SIEM; cyber awareness training and automated self-phishing campaigns via KnowBe4, standardisation of 1100 desktops onto centrally managed ESET endpoint AV (from MS solution), and single pane-of-glass visibility into everything via Slack. “This all appends our prior investment in fortigate next gen firewalling and wifi, all managed centrally from FortiManager and FortiAnalyzer for threat hunting,” says Dickinson.

He says the business and technical integration of the programme has largely gone well. “Most importantly, our users are responding positively to this new paradigm.”

The board has responded positively to this change and to a large extent was the driving force behind their investment in this area.

Affecting change is always hard but the leadership shown by our board and influential partners has filtered down, he says. On the technical side, he says the team faced immense hurdles as they implemented the scale of change across BDO’s vast IT estate.

“My team are encouraged to challenge me, collaborate and make good independent judgement calls, safe in the knowledge that I’ll back them up. The result is a tight knit group who work well together to deliver exceptional outcomes.

“The innovations in-and-of themselves are tried and true solutions to the enterprise security problem that avails the modern organisation,” says Dickinson.

“For a professional services organisation whose success revolves around trust – reputation is everything. The investments we made; technologically, operationally and culturally – hold us in very good stead relative to our market competitors we believe. This is a compelling competitive advantage in this day and age of prevalent and persistent cyber threats,” Dickinson says.

“This biggest lesson I have learnt, and one I espouse regularly, is to have a plan; B, C, D, E, Fhellip;as you’ll be astounded how often you have to go really deep into your contingencies in order to get the job done,” he says.

Closely related to this is the need to build and maintain a vast network of contacts, he says.

“You never know when you are going to come unstuck and need to reach out to someone you’ve previously met for advice, a favour or to solicit help on a project.

“We can’t all be experts in everything so take the time to broaden your network and make it known that you are only more than happy to offer advice and support in areas where you are strong. In the hope that good karma will come back to you when you need it most.”