The rise of ransomware and malicious cyberattacks in the past decade has driven the criticality for all businesses to expand their cyber programs to provide better, layered defenses. According to a 2024 cyber threat report by SonicWall, ransomware attacks saw a 105% increase worldwide in 2023 — and there is no sign of slowing down. As attack vectors continuously evolve in complexity and quantity, utilities’ defenses must do the same.

Ransomware attacks on utilities have increased by 50% in the last two years, according to NextGov.com. Bad actors recognize energy is a core business product, and without it, people’s lives are greatly impacted. As critical infrastructure with a target on them, utilities know every network, application and device must be configured with cybersecurity in mind.

In today’s tech-savvy workplace, the challenge lies in balancing new capabilities that improve productivity (for example, data sharing, interconnected systems and cloud computing) with mitigating the risks associated with those activities. To meet the modern demand, many organizations, including Unitil Corp., have adopted a defense-in-depth security program. Defense-in-depth security combines technology components with best practice security management to create protective layers that reduce the risk of attacks and intrusions. There is an expansive amount of detail and effort that goes into
a strong defense-in-depth strategy, but these efforts can be distilled into four main components: technology, people, monitoring and response, and program management for continuous improvement.