Companies are forking over larger portions of their IT security budgets to better combat homegrown threats.

According to a recent report from DTEX Systems, insider risk management on average made up 16.5% of a company’s overall IT security budget in 2024, up from 8.2% in 2023. The majority of companies surveyed (81%) said they either currently have or plan to have an insider risk program.

The report, which was independently conducted by the Ponemon Institute, surveyed 8,306 IT and security professionals from 349 organizations in North America, Europe, the Middle East, Africa, and the Asia–Pacific region. It defines insider risk as harm inflicted by an insider that’s both malicious, such as IP theft and fraud, and non-malicious, such as falling victim to advanced phishing attacks.

Of those with an insider risk program, more than six in 10 (65%) said the program was the only security strategy that allowed them to preempt a data breach. The average time to contain an insider incident fell to 81 days in 2024, down from 86 days in 2023.

Read the rest here.—BM

The government saw two old hands return, a food franchise made a lateral move, and a Cisco vet transitioned to network security—this was February in the tech corner offices.

New Panera CIO runs on Dunkin’

Santhosh Kumar is the newest CIO for Panera Breads, the company announced on February 6.

Kumar comes to the company after over three years at United Natural Foods, where he was SVP and CTO. Prior to that stint, he spent nearly 16 years at Dunkin’, most recently as the chain’s SVP of global IT. With 2,200 Paneras across the US and Canada, Kumar will manage tech for a large number of franchises.

Read more here.—EH

Somewhere in Mastercard’s St. Louis Tech Hub, Deputy Chief Security Officer Alissa Abdullah can be found working on ways to secure the things that Mastercard consumers want, and what they don’t realize they want yet.

At the global payment solutions company, Abdullah—who also goes by “Dr. Jay,” a nod to both her PhD in IT management and her time as Jimmy Jay, her persona from when she served as a radio DJ—is a “cybersecurity futurist.”

“I think about the future and the future adversary and then I think, how do we prepare ourselves in that type of ecosystem?” Abdullah said. “How do we prepare ourselves? How do we prepare our customers?”

IT Brew caught up with the radio DJ-turned-security professional to discuss her role at Mastercard and how she navigates blending cybersecurity with evolving customer preferences.

The conversation below has been edited for length and clarity.

What were some of your greatest achievements in your first few years at Mastercard?

I would say one of my biggest impacts has been zero trust. That is something that’s been in the industry for a while, but it was coming in and saying, “We have to make sure that zero trust is embedded in our DNA.” The adversary is attacking us constantly. We’ve got to flip that on its head, and say, “I’m going to build a network and an infrastructure where nothing is open.”

Keep reading here.—BM