LPRC - CrimeScience – The Weekly Review – Episode 122 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio
Episode Date: September 30, 20222022 LPRC IMPACT is Next Week & the LPRC Team is ready! In this week’s episode, our co-hosts discuss the IMPACT Conference and great preparations taken, Hurrican Ian and the forecasting of effects f...rom the storm, Morgan Stanley selling personal information on hard drives, the best apps to predict severe weather, a look at 2022 Holiday shopping season, and a look at the way the economy is affecting retailers! Listen in to stay updated on hot topics in the industry and more! The post CrimeScience – The Weekly Review – Episode 122 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio appeared first on Loss Prevention Research Council.
Transcript
Discussion (0)
Hi, everyone, and welcome to Crime Science. In this podcast, we explore the science of
crime and the practical application of this science for loss prevention and asset protection
practitioners as well as other professionals.
Welcome, everybody, to another episode of Crime Science, the podcast from the LPRC.
This is the latest in our weekly update series, and today I'm joined by co-hosts Tony D'Onofrio
and Tom Meehan and our producer Diego Rodriguez.
And we're going to kind of go around the world here and take a look at things that are affecting good, bad and not so good.
The world of retailing. And we'll start off with just a very, very brief mention today of COVID-19.
It continues to wane. You know, I think I got a bout of it finally couldn't keep
in front of it for two and a half years, went on the road, uh, and, uh, presumably maybe during
GSX or something, got it for me, it was a day and a half of fever and, you know, slight headache,
uh, and then now some continuing congestion, but, uh, I've been pretty, pretty fortunate. Um,
and, uh, as far as my bout with it, but it was kind of a weird feeling to look at a positive test after through the University of Florida and other testing, probably, who knows, 200 tests that were negative.
continue 120 different new versions of vaccines, which is, again, we're all been hoping for,
so that we can move on as a world together. But we'll see. 53 are in phase three, so hopefully one or more of those turns out to maybe provide a little more initial protection on top
of serious disease protection, which was evidently the main aiming point here for those
vaccines. Moving over to more recent news also, we're now in the midst of a hurricane. We were
just talking about all the tropical storms and tropical depressions, but we always take them
seriously, even being a seventh generation Floridian. I've seen a lot of destruction, a lot of damage, a lot of even some death.
And you got to take this size and fury of a storm and the flooding and the electrical wires and, you know, just the falling trees, everything.
Even embedded thunderstorms with lightning and tornadoes that come from these hurricanes very seriously.
And so we do.
Our team is preparing today to be our last day in the labs, even though we may still
be here tomorrow, depending on how this thing tracks, today being Tuesday.
But the other part of this news is that we're hoping that the storm's minimal damage and suffering uh and then also
moves on out of here so that we can hold 2022 lprc impact and um the way all the tracks are and these
things are you know i've heard it described as watching a turtle move towards you uh that you
know hurricanes don't move that rapidly and it's kind of wild as you sit there and track it and prepare.
Also, knowing there's nothing you can do about it, about its path, only some of the aftermath, that it should be up and well out of the state of Florida.
By the time most people would be flying into Gainesville or anybody be flying into Gainesville for impact or coming into Jacksonville, Orlando. Orlando would have been two or three days clear of the hurricane, and Jacksonville probably a day and a half to two days plus clear of the hurricane or any storm. By the time it hits North Florida, typically,
if it does come this direction, they are still hurricanes sometimes, mostly tropical storms by this point.
So the effects could be very, very minimal.
They could be more.
We'll have to see.
The University of Florida did cancel classes starting tomorrow, Wednesday through Friday in an abundance of caution. And I know down on the west coast of Florida in particular, they canceled classes starting yesterday, Monday.
So people are bracing for Hurricane Ian.
And we've got out-of-country as well as out-of-state visitors coming in for impact.
So we're fielding some questions.
that the track looks like even in the most conservative estimates that the storm would be well clear of this area well before they would be in here, coming in here and not seeing
anything on the horizon yet as far as their storm, at least in our time horizon.
So going over to impact, we'll take a very quick run through, but it's a really neat
event. This team has just put in untold effort, a lot of very
smart planning, drawing on documents. We've got a planning committee that's been helpful,
particularly retailers that have been through impact with us over the last few years. And again,
we had to draw on 2016, 17 19 uh physical on campus impacts since the last
two that we put on while uh very very successful were of course virtual so um not a single person
on the team except myself uh has been through a physical impact incredibly uh And we've expanded from what we used to have 16 members to we've got 12 full-time
or equivalents here. So that's what that's been interesting to go through all that and look at
what written or digital records existed for them to pull on as far as how many meals to order.
Some of those grinding details are so important for a good event. And I know Chad and Diego and the team talk about food, fun and content. And they want all three of those to be course, Monday being a real varied but exciting day.
Depending on water, standing water on the golf course, there's still a whole charity golf
tournament event at Ironwood Golf and Country Club. And we've got a record number of participants.
They've raised a lot of funds for the Gainesville Police Department's BOLD program,
which is really a neat program to support some youth that have been in trouble, that are looking
for direction. And they've got police officers from that particular African-American community
acting as strong mentors and guides for them. So we're excited always to support both. We've got our
board chair meeting. We've got our overall board of advisors meeting on that Monday, October 3rd.
Next Monday, we've got LPRC Innovate, our advisory panel of 30 retail chains. and then we've got a handful of solution partners that are helping us fund,
innovate, and so that we can bring on a data scientist in addition to another research
scientist. So, excited about that panel. We've got Strategy At this year coming up at that 3.30
on Monday, and that is where we're going to get together with Jamie Kraft from Warrington College
of Business at the University of Florida.
He is an amazing human centered design thinking and strategy and planner extraordinaire.
So he's going to be working with a group on that and strategy.
And that'll be the board of advisors and the innovative advisory panel.
And ones are, I think, some of those sections that will be in there going through that on that Monday at
3.30. Our evening reception and registration for LPRC Impact starts at 5 p.m. All this will be at
right now the UF Innovate Hub, which is where our six physical labs exist. And we also will have
the tour. So we'll have tours all throughout the
interior labs as well as the four square block uf safer places lab environment
outside so we're excited about tents music good food and beverages great
company all on that Monday you know the the second is really our big event kickoff at 8.30. We've got impact kickoff.
We've got a founder celebration. Some of the founders of the LPRC from the 2000-2001 period
will be here and participate with us, share their recollections. What was the vision then?
What has it brought us to now? And then we'll talk a lot about where we headed
as far as curtailing theft, fraud, and violence to enable these enterprises going forward. We've got a solution center experience that we'll do a few times here, and that's where you'll see all the
tables, the booths set up in the RION ballroom, because we've got two ballrooms there at the
University of Florida Rights Union where we hold the overall LPRC impact event. So you'll see everybody coming together there.
Great. Once laid on, we'll be going through the 31st National Retail Security Survey. Again,
a reminder, myself and Dr. Bart Weitz started that project and program, and Dr. Hollinger joined us
Started that project and program, and Dr. Hollinger joined us way back when in that 1989-90 time period to form the first NRSS, or National Retail Security Survey. This is now going to be going on 31st year.
Dr. Corey Lowe is heading up the team.
the team. He'll be speaking with a national retail, excuse me, he'll be speaking with an NRF representative from the National Retail Federation, and they're going to be going through the latest
study and talking about it with some of the LP leaders, VPs that are on the research committee
for NRF. We've got a couple of neat Lenovo panels on AI, one on day one, one on day two with some stellar innovation people from CBS and beyond.
So look forward to that with NVIDIA. Lenovo will be there, as we mentioned, EverSeen and so forth.
Some cutting edge technology discussions. But with a bent board, how do we now practically assess and deploy some of these technologies, not just talk about them and think about them and so on, but really talk about how to engage.
And these also will set up a pathway to LPRC Ignite coming up in the first quarter of 2023 in Gainesville, which we're going to have a lot more to say about that later.
which is we're going to have a lot more to say about that later. So a lot going on. We've got more content than ever at impact this year with all the learning lab breakouts around theft,
fraud and violence. We've gone about gone through those before. We'll talk about them again later.
But on day three, we'll also have after everybody gets back from the evening before the Champions
Club tailgating event, we'll go through some more yesterday, today, and tomorrow, the foundations of LP intelligence.
There's some really interesting stuff online, how to find a lot of intel, counterintel that are out there about the retailers, ways to find out what they're saying about us and how to use that.
Active shooter, early threat detection.
We've got a great group lined up on that. The same thing with body-worn cameras, research and
development. We've got two retailers experimenting. We're going to go through what we're going to be
doing at LPRC with a whole bunch of other retailers and Rela and others. So excited about what's going
to be happening and coming up. There'll be at ballyhoo dinner that wednesday evening for those that are in gainesville and they would like to join us it's
kind of a uh come one come all uh some somewhat quasi-informal event so um let me do this let me
turn this over now to tony but just tell you how excited we are for the 2022 version of impact
tony thank you reed and it sounds like an exciting impact,
and I'm actually looking forward to being there with all of you and re-engaging again. It's good
to be live, and sounds like it's a really good action-packed agenda, so congratulations to the
team on the great work, and let's go LPRC. But this week, I want to focus on a new article that I just published this morning on the latest 2022 holiday season retail forecast.
Even though it's early fall, it is beginning to look a lot rush and probably there will be limited supplies because a lot of chains are already having all their Christmas stuff up.
Typically, this time of year, all the analysts publish their forecasts and the keywords that are bubbling up as I analyze all of them.
And I would consider this a cloudy forecast because of all the economic uncertainty.
But the key words are early, inflation, recession, discounts, and the continuing battle between physical and digital retail.
And I do believe that timing of the economic cycle will potentially lead to more winners than losers this holiday season. COVID-19 has moved
to the rearview mirror and has been replaced by financial headwinds. In fact, concerns related
to COVID-19 have decreased significantly from 52% in 2021 to 16% this year, while the financial concern has surged to 153%.
So here are some of the key stats that were published by many analysts in terms of what's
going to happen this holiday season.
Bain & Company forecast that retail holiday sales will increase 7.5% above the 10-year
average of 5%. However, when you factor inflation,
real growth will range between 1% and 3%, which is below the 10-year average. Total sales will
reach $915 billion, with 72% taking place in physical stores. Individuals with income ranging from 50K to 100K plan to spend more, while higher income
people are more reserved and have less confidence this holiday season in their shopping patterns.
Some of the headwinds include comparable growth to the previous year, which Bain reported
had a 13 percent growth,
which was the highest in 30 years. Interest rates keep going up, higher debt, and the ongoing
supply chain challenges are the micro headwinds that really continue, macroeconomic headwinds
that continue. But on the other side, unemployment is only at 3.7% in August.
Wages grew 4.4% in the same month. Inflation is increasing nominal growth and cash in checkable
deposits are nearly 4x pre-pandemic levels, and they are the bright spot. So consumers have money.
levels, and they are the bright spot, so consumers have money. Similar holiday forecast for MasterCard,
holiday sales excluding automotive are projected to grow 7.1% compared to their reported growth of 85%, 8.5% in 2021. E-commerce growth continues to accelerate, reaching 19% of total retail sale.
continues to accelerate reaching 19 percent of total retail sales. MasterCard predicts that physical stores will increase their sales nearly eight percent and in-store physical shopping in
store from January to August represented of 80 percent of total retail sales so we like
our physical stores. The sectors that will lead this holiday season are apparel and luxury, which will have 4.6% for apparel and 4.4% growth for luxury.
And that's good news because those were hard hit during the pandemic.
And higher interest rate, of course, continue to have a negative impact on the economy.
And higher interest rate, of course, continue to have a negative impact on the economy.
Salesforce.com projects that online global holiday sales will remain flat, reaching $1.1 trillion worldwide with $265 billion in the U.S.
Digital sales will continue to dwarf pre-pandemic levels.
Inflation will negatively impact spending worldwide.
While online prices grow 7% compared to 2021 and 15% compared to 2020, consumers' total iron-on orders are going to drop 7% when compared to the 2021 holiday season. So we're going to be putting in fewer orders online because of all the economic headwinds. Fully 10% of profits of retailers are
at risk this year because of increased costs from suppliers, labor and transportation,
and the outpace, really the retailer's ability to actually catch up to those.
Good news on sustainability.
The majority of shoppers will seek options this holiday season to do that.
Salesforce reports that despite the preference,
only 23% of brands promote and offer sustainable options in the shopping journey.
Some other interesting stats that are important as we get to the holiday season.
59% of consumers or nearly 60% of consumers are stressed about the holiday spending because of inflation.
Same survey indicated that shoppers plan to spend less on gifts this year, with 73%
they are watching their spending more closely in 2022. A CNBC poll indicated that more than
half of consumers are either are somewhat very concerned about staying within their budgets,
and 80% expect to be affected by inflation. 52% of respondents to this survey said
they also, it will be harder for them to afford the holiday gifts this year. Lots of indicators
from surveys that consumers are shopping early. 77% said they purchased holiday gifts during Amazon
Prime Day and other competing events offered to retailers in July.
So we started shopping for Christmas gifts in July. This is the earliest that I've seen, but
looking at what my wife is doing here in my home, we are indeed shopping very early for holiday
gifts. Digital and loyalty will be just as critical. Only 4% of shoppers did not use digital
channels. Last year, 61% of consumers joined the loyalty program to receive a discount during the
2021 holiday season. Discounting is expected to continue into the holiday season with 73% of retailers telling KPMG that stores will be more promotional
and 21% stating that they plan to be even more promotional.
Even as retailers project a positive holiday season, 92% expect a recession in the near future,
expect a recession in the near future. 81% expect it to be a year or less. To prepare,
52% plan to cut indirect expenses and 42% will invest more in royalty, reduce direct expenses and inventory. 56% expect to be stuck with excess inventory after the holidays. According to eMarketer, the 2022 holiday season outlook is solid,
but retailers will need to adapt to a fundamental realignment to the shopping season. Two seasons
of pandemic-driven holiday shopping will result in lasting changes to the holiday promotional
calendar and reset consumer expectation around when we shop for the best deals.
The 2022 holiday season will be longer and flatter with less concentration spending during the high
cyber five-day period around Thanksgiving. As one of the analysts from Salesforce said,
for retailers, 2022 is about playing the long game. Economic challenges and
shifting consumer preference mean that you need to lead with a data-driven strategy,
and it will be critical to really respond to what consumers are doing real time.
And while we can't stop inflation, we can recession-proof our
business by improving profitability and solving for operational efficiency. I bring that up
because that's a lot what LPRC is focused on, is helping retailers with data-driven strategies
and helping improve their operational efficiency. So in my view, summarizing the future of retail is going to include strong brands
delivering immersive consumer experience, which will be increasingly digitally influenced.
This holiday season will severely test our execution in responding to the economic headwinds.
economic headwinds.
Winning retailers will focus on loyalty to engage consumers for this and reach a more profitable retail holiday season as a result.
So some good data I had in terms of what's going to happen and for retailers to prepare.
But one key message that I put actually in the headline, if you want to win
this holiday season as a consumer, shop early. And with that, let me turn it over to Tom.
Well, good morning, everybody. Thank you, Tony. Thank you, Reid. Wanted to
cover a couple things today, and I'm going to be brief. I am traveling out and about, and
a lot is going on in the world today.
But I wanted to start with, you know, just the weather events occurring. So we are in
hurricane season. Hurricane Ian is hitting Florida right now in a strong fashion and thought it would
be just a great time to remind folks about some of the weather apps that are out there that really
can help you. I think most,
if not all of the major news outlets have a weather form app, which is good for information.
But then if you're really into the detailed radar information, let's go through a couple
of highly rated apps and apps that I use on a regular basis to help kind of monitor what's
going on. First and foremost, my favorite app is called MyRadar.
This is available on Android, iOS, and Windows,
and there's both a free ad-supported version
as well as a premium paid version
as well as an even higher premium paid version
with some subscription models.
And this is an app that not only does forecasting,
really, really advanced radars,
weather, storm tracking, live lightning traffic, and also has aviation layers available. So
probably one of the more advanced apps out there, but also allows for anybody to really consume the
data in real time on all three platforms, which is also something that makes it unique in the
sense that when you get comfortable with the app, in some cases, I'm not something that makes it unique in the sense that when you get comfortable
with the app, in some cases, I'm not sure that you need another app after that. My other kind of
favorite radar-based app is an app called Radar Scope. Radar Scope is a paid app. It is available
on iOS, so iPhone and Windows. Much more radar driven, a little bit more sophisticated,
less forecasts, more radar. In actuality, I think you can get almost all of the features in MyRadar,
MyRadar app. I think Radar Scope has a couple of more high-end radar features and going down the line in
the radar world there is an app called radar omega radar mega is also available on android ios and
windows this is a again a freemium app where most of the more advanced features require a
subscription this is probably the most advanced radar app that's available for the
public. It's as close to a professional radar app that I think that's available out there and will
definitely take some learning but does modeling and a whole bunch of other things. And then last
but certainly not least, go to the basics of the Weather Channel, Fox Weather, CNN Weather. There
are tons of information out there when we're in these weather events.
I think if you're monitoring emergency situations, all of these apps are useful.
If I had one to pick out of the group, I think MyRadar is the one that has the most well-rounded, professional, high-end features as well as basic features.
You might not be a weather nerd.
You might not be the person that wants to get super technical.
I think Radar Pro covers both gamuts of that.
MyRadar covers both gamuts.
MyRadar Pro is the paid version.
If you are a little bit more into it,
I think Radar Omega really drives that modeling
and forecasting at a very, very professional level.
So I thought it was important to mention that.
And then I think it's also important to mention that Twitter is a fantastic place
to get live weather information where when you're thinking about all of the news reporters,
all of the radar and weather buffs, as well as um the major associations as well as the major uh press associations and
the weather services all use twitter and so that is a place where if you spend a little bit of time
you can probably get just about everything you need around uh weather in in a place where you
and in a place that is singular and free. So I think it's something that I would definitely,
definitely recommend. And then if you're specifically looking for hurricanes, there are
apps called Hurricane Tracker and Hurricane Tracker Pro. The thing about those apps is what
I think you will see is most of it is publicly available on the internet. This is just putting
it all in one stop.
So I think that all of these things are helpful.
But if you're looking, a low-cost app, MyRadar Pro,
or MyRadar Pro, and then Twitter as the alternative.
So hopefully everybody who's in these storms and these hurricanes is staying safe.
And hopefully these apps will help
you if you're managing a SOC or an emergency situation with getting more real-time information.
Switching gears just a little bit, I'm not going to spend as much time as I usually do on
cybersecurity and risk this week, but wanted to talk about a couple stories out there.
One is that while this is not a new thing, the Suffolk County court system suffered a ransomware attack.
I would call this more of a cyber incident than just a typical ransomware attack,
which led to leaking of personal court documents. Stuff I saw was almost all traffic related, but
this is a fairly wealthy county in the state of New York, I think has the highest paid police department in
the country. A lot of information out there, relatively locally spread information. But what
it kind of calls to is the consistent challenge that cyberinsurance and ransomware are taking
on folks, both in the private and public sector. Not going to spend a lot of time on it, but just
thought it was pertinent.
For those of the folks on the podcast that use WhatsApp,
I use WhatsApp to do a lot of international conversations.
WhatsApp has a zero-day vulnerability.
Remember, we talk about zero days all the time.
It's a vulnerability that wasn't known,
that was in the code,
that allows some malicious activity.
Very simple thing here, like we always say, is patch
and update regularly. Do not wait to put those updates in. I cannot stress that enough. If there's
an update available, update the software. It is the quickest, easiest way to deal with these
vulnerabilities. A lot of larger companies have patch days where every certain day of the week they do patches.
A lot of times it's a Tuesday, patch Tuesday.
But I think this is just another message of we continuously hear about zero-day vulnerabilities.
And this isn't going away as we become more and more reliant on communication tools and software.
And, you know, yes, I think we're at the point where we're pretty reliant. I think we will
continue to see these things and the message will be continuing to use the things out there with
updating and patching regularly and not waiting. Big news, interesting case, Morgan Stanley was
fined millions of dollars for selling hard drives full of PII. So this is one of those things that
when we talk about when you're dealing with PII, sounds like it's an obvious one, but could really
happen. A lot of companies recycle and sell off their old equipment. And this came through,
and actually the SEC did a post on Twitter about this and basically said they announced the fines or charges against Morgan Stanley's firm for what occurred.
So just a reminder, if you're destroying anything technology related, make sure that you have a protocol or process in place to remove that data.
And for everybody listening here in the security world, if you're alleviating older video equipment, make sure there's a process
to get rid of the video. I think it's just a reminder here. I don't necessarily have all of
the details, but there was personal information on there. And I think that, that I think this is
just one of those stories to serve as a reminder for all of us that, you know, when we're, when
we're dealing with customer data, personal information,
that we need to be reminded that just do that double check. And then last, and I think,
but certainly not least, and there will definitely be something I follow is there is
really a highly dangerous malware that's making the rounds all over the world for the last couple of months. And
malware is, you know, malicious software or code that's executed. Um, Erbium is the name of it.
It targets stealing passwords and screenshots. So this is a really, really interesting, um,
malware because it takes kind of a new and old approach. So what it's, you know,
predominantly financial stealing. So Bitcoin wallets, crypto wallets, but also credit card
data. And while, why this is so, um, interesting is because with password stealers and screenshots
is it's not doing much from a code standpoint on your machine except for taking those
very, very small bits of information and sending it. So one thing that, you know, we talk about
here on the show is, you know, good password hygiene and using two-factor authentication keys.
The thing with this that's very interesting is that, you know, it's getting all of the information
that you're sharing. This is not a new phenomenon in malware this is something that we've seen before
but this happens to be uh making a lot of a lot more rounds if you will than we've seen recently
if if you want to make sure that you're not at risk you know you know, one thing is don't download illegal files. This is, you know, in a
lot of games and bots that are downloaded illegally. It is a real good idea to stay vigilant and have,
you know, a common and real antivirus software. What do I mean by that is make sure it's one of
the major players, keep updating that software, keep running it. I think there has been a rash of people saying if
you have, excuse me, if you have fully patched computers, that there isn't a need anymore for
antivirus software. I think that's inaccurate. I think fully patched computers are a necessity
today. But antivirus software looks for strings and software keys that have been seen before.
So if you aren't checking daily, I would do that.
If you have kids in the house that are using a computer and could potentially be downloading illegal or pirated software, I would absolutely look at this because it is for sure looking for information.
This is predominantly malware targeted within games.
So I think that's important today, but just a really, really prolific and massive attack that's
occurring. So stay safe and patch, make sure you have antivirus software. But again, it reminds me
to when we talk about children on our computers, why we say so much not to cross over your work and your home computer and to have conversations with your kids.
And when I say downloading illegal software, I think it's important to note that your child could be doing nothing nefarious, not downloading something they shouldn't be.
And a friend could be saying hey i've got this software
here take it um use it or going over the house and saying let's play together um i have children
that are of the computer age and i'm constantly reminding them and just a few weeks ago we had a
sleepover and one of my computers is not locked down for children It's just kind of open and clear. And my son's friend went on
and downloaded a whole bunch of things.
And while they weren't nefarious or illegal,
they were things that I would normally
not want on the computer.
And it reminded me of this story
when I went out and did it.
If you're like me and you're in the technology space,
you might have three or four machines at your house.
Your kid's highly likely to have a machine or a PC that they're using for school. And it only takes
a few seconds for this to occur. And this is a perfect example of my son knowing what he could
and couldn't do and said, hey, I thought it was fine. He told me. But the key is it could have
very easily been or could very easily infect this computer with malware
based on what occurs. So it's a stark kind of reminder for folks of why it's so important to
keep your personal computer and work computers separate and also what could really occur in the
real world. And with that, I will turn it over to Tony and Reid. All right. Well, thank you so much,
Tom. Thank you so much, Tony, for all that great information.
And I just want to say thank you to Diego for the production of this crime science episode in our series and to each and every one of you all for listening and tuning in.
And, you know, God willing, here we go. 2022 LPRC Impact Monday, October 3rd through the 5th here in Gainesville, Florida. Let's hope that
this thing goes and goes well. Right now, we're full steam ahead. So stay in touch and stay safe.
Thanks, everybody.
Thanks for listening to the Crime Science Podcast presented by the Loss Prevention Research Council.
If you enjoyed today's episode, you can find more
crime science episodes
and valuable information
at lpresearch.org.
The content provided
in the Crime Science Podcast
is for informational purposes only
and is not a substitute
for legal, financial,
or other advice.
Views expressed by guests
of the Crime Science Podcast
are those of the authors
and do not reflect
the opinions or positions
of the Loss Prevention
Research Council.