Latest news with #HarazGhanbari
Yahoo
6 days ago
- Business
- Yahoo
Ohio lawmakers want local governments to create cybersecurity plans
Government requirements and culture can make upgrading aging computer systems difficult, experts say. (Getty Images) Ohio House lawmakers got a stark warning Tuesday from a leading cybersecurity firm: potential threats are changing 'dramatically' in terms of 'sophistication, speed and complexity.' The presentation came on the heels of lawmakers introducing a bill requiring municipalities to develop their own cybersecurity policies. House Bill 283 is a response to wave of cyber-attacks aimed at relatively low-level government agencies. The bill's co-sponsor, state Rep. Haraz Ghanbari, R-Perrysburg, explained in April last year, the state auditor reported at least 23 cyberattacks against government offices in the last 12 months. 'In Licking County,' Ghanbari added, 'just one attack resulted in the theft of more than $700,000.' The measure directs local governments to review their systems and identity risks and detection strategies. The also have to develop training programs and create plans for repair, and response and in the event of an attack. Ghanbari's co-sponsor, state Rep. Adam Mathews, R-Lebanon, said locals would have to inform state safety officials within seven days and the state auditor within 30. 'This will ensure prompt and accurate information is relayed to the proper authorities involved in the response,' he said. The proposal also puts added pressure on local response to ransomware attacks. Under the proposal, Matthews said, municipal governments would be prohibited from paying a ransom unless it 'formally and out in the open' approved legislation to that effect. 'This requirement bolsters transparency and ensures constituents are both aware of the incident's occurrence and have an opportunity to provide feedback on the best use of their taxpayer dollars,' he said. Thomas MacLellan from the cybersecurity firm Palo Alto Networks, told lawmakers that governments, agencies and businesses aren't defending against a random hacker. 'Ransomware is now a business,' he said. 'It is a business where they actually have help desks.' And just as the sophistication of attacks has grown, so has the speed. 'In 2021, it took about nine days to exfiltrate data,' he said of bad actors removing information. 'In the latest attacks now leveraging artificial intelligence, it literally only takes hours.' Beyond these kinds of ransom attacks, where an actor holds critical data or access hostage in exchange for money, MacLellan described several other threats, including attackers exploiting industrial control systems. 'Those are the things, the switches that turn on things that are connected to the internet,' MacLellan said, 'that turn on bridges and dams and traffic lights and hospital systems.' SUBSCRIBE: GET THE MORNING HEADLINES DELIVERED TO YOUR INBOX In terms of preparing for attacks, he suggested state lawmakers get a security firm on retainer. 'You need a bat phone,' MacLellan said, 'to be able to pick up and say, we need some help, because we are overwhelmed, we've been hit by something.' Notably, Palo Alto Networks could be the one on the other end of that phone line. He also argued the state needs to be aggressive about understanding and monitoring its exposure — what MacLellan termed 'attack surface management.' A computer, router or other piece of hardware running out-of-date software could be a vulnerability, he said, and organizations need to make sure to find and fix those problems. MacLellan added that some states have begun developing joint security operations, effectively a state-run cybersecurity team to protect state and local governments in the event of an attack. He repeatedly argued the biggest challenge in cybersecurity is workforce; centralizing talent could allow for greater reach and impact. State Reps. Ismail Mohamed, D-Columbus, and Ron Ferguson, R-Wintersville, asked HB 283's sponsors about a statewide approach to cybersecurity planning. 'Why isn't there a centralized place,' Mohamed asked, 'instead of requiring each subdivision to have their own cyber program?' Ghanbari and Matthews said they would leave the finer points up to local governments to maintain local control and allow greater flexibility. Highlighting a well-publicized cyberattack against Columbus last year, Rep. Christine Cockley, D-Columbus, asked about the cost prevention compared to the cost of response and recovery. She noted the city has faced significant costs investigating what happened and providing safeguards for people impacted by the breach. MacLellan acknowledged he didn't have hard and fast numbers to offer, but said 'when you begin to look at the cost of remediation versus the cost of actually putting together a good system, the delta is pretty significant.' SUPPORT: YOU MAKE OUR WORK POSSIBLE SUBSCRIBE: GET THE MORNING HEADLINES DELIVERED TO YOUR INBOX
Yahoo
30-04-2025
- Business
- Yahoo
New Ohio law aims to crack down on organized retail theft
COLUMBUS, Ohio (WCMH) – Individuals who are caught stealing from Ohio stores as part of an organized crime ring will now face increased penalties, thanks to a new law that went into effect this month. House Bill 336, named the Fight Organized Retail Crime and Empower Law Enforcement (FORCE) Act, created a felony offense of organized retail theft in Ohio. The crime involves people coordinating the theft of merchandise with the intent of reselling it or otherwise using it for financial gain. Watch a previous report on organized crime rings' effects on central Ohio in the video player above. Ohio Supreme Court reinstates law banning trans healthcare for minors 'Organized retail crime represents an economic challenge for Ohio, amounting to billions of dollars in losses,' said Rep. Haraz Ghanbari (R-75th District), the bill's sponsor, at an introductory hearing last year. 'The repercussions of such crime extend beyond financial losses. Increased criminal activity disrupts businesses and threatens the safety of consumers and employees alike.' The Ohio Council of Retail Merchants estimates that organized retail theft costs businesses in the state $2 billion to $3 billion annually. To offset the losses, some retailers may raise prices. The statute, which went into effect on April 9, classifies organized retail theft of a value less than $750,000 as a third-degree felony, a value between $750,000 and $1.5 million as a second-degree felony, and a value more than $1.5 million as a first-degree felony. When determining the retail value, the cost of all property stolen from one or more establishments by a person or group within any 12-month period may be considered. 'These criminals rely on safety in numbers, but it's a false sense of security,' said Ohio Attorney General Dave Yost, whose office worked on the legislation. 'We now can charge them as a group, making it easier to convict and imprison thieves who target retailers as part of a crime ring.' The law established a task force under Yost's office to investigate retail theft across the state, assisting local law enforcement and prosecutors. In Ohio, any person making retail sales subject to sales tax must obtain a vendor's license, which has a fee of $25. The law raised that fee to $50 to help fund the task force. Ohio lawmakers seek to put an end to police quotas Throughout the legislation's hearings last year, multiple retailers, including Walgreens, Target, JCPenney, Walmart and Meijer, testified in support of the bill. 'Walgreens has experienced a significant increase in product loss in Ohio and across the country over the last several years,' Walgreens major crimes investigations manager Bryan Lindsay said. 'Organized Retail Crime not only results in substantial financial losses for businesses, but also jeopardizes the safety of employees and customers.' The statute also attempts to crack down on porch pirates by creating the offense of mail theft, which is generally a fifth-degree felony but can escalate to a first-degree felony depending on the value of the stolen mail. It additionally targets repeat theft offenders, setting a minimum fourth-degree felony charge for thefts committed by residents who have a felony theft conviction within the previous three years. Zachary Miller, with Ohio's Office of the Public Defender, was the only person to testify against the bill. He expressed concern about how the legislation may impact those who struggle with substance use and commit theft, but are not part of an organized crime ring. New development denied at site of Pickaway County farmland 'As the provider of legal representation for indigent Ohioans accused of a crime, we believe HB 366 will disproportionately impose unduly harsh sentences on those accused of low-level theft, especially those struggling with substance use disorders,' Miller said in December testimony. As of January, 28 states have established criminal laws focusing on organized retail crime or enhanced penalties for those who steal repeatedly for the purpose of reselling stolen goods, according to the National Retail Federation. HB 336 was introduced in December 2023 and signed by Gov. Mike DeWine in January. It passed the House 83-6 and the Senate 30-0. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
