LPRC - CrimeScience – The Weekly Review: Episode 16 with Dr. Read Hayes, Tony D’Onofrio, and Tom Meehan
Episode Date: July 23, 2020In this episode of LPRC CrimeScience: The Weekly Review, Dr. Read Hayes, Tom Meehan, and Tony D’Onofrio discuss LPRC initiatives, face masks, the retail data this week, store closures, inventory dis...tortion, supply chain issues, NRF’s shrink survey results, open-source intelligence, hacking trends during COVID-19, multi-factor authentication, and much more. The post CrimeScience – The Weekly Review: Episode 16 with Dr. Read Hayes, Tony D’Onofrio, and Tom Meehan appeared first on Loss Prevention Research Council.
Transcript
Discussion (0)
Hi everyone, welcome to Crime Science.
In this podcast, we aim to explore the science of crime and the practical application of
the science for loss prevention and asset protection practitioners, as well as other
professionals.
We would like to thank Bosch for making this episode possible.
Use Bosch Camera's onboard intelligent video analytics to quickly locate important recorded
incidents or events.
Bosch's forensic search saves you time and money by searching through hours or days of
video within minutes to find and collect video evidence.
Learn more about intelligent video analytics from Bosch in zones one through four of LPRC's zones of influence by visiting Bosch online at BoschSecurity.com.
All right. Welcome, everybody, to another episode of Crime Science, the podcast.
This is our special weekly series.
I'm joined today by my colleagues, Tony D'Onofrio and Tom Meehan and our producer
Kevin Tran. We'll go ahead and get started and talk a little bit about, like we have for too
long now, and that's COVID-19. We know that the SARS-CoV-2 virus continues to spread in the United
States and around the world, especially here in Florida,
where I am, and Arizona as well, I understand. But there's the mask wearing, there are more and
more studies keep emerging, I see weekly, around how that blocks the virus. That's why surgeons
wear masks, so that if they have a virus or they're spreading it, or they are bacteria ridden,
and they're not spreading that to the patient. So we know that that seems to be the answer is blocking the water droplets that carry the virus.
We've learned more and more about the vaccines, at least over 165 in production right now.
Our understanding is the one that the U.S. has teamed up with Moderna on,
that that vaccine went from identifying the genomic profile of the SARS-CoV-2 virus put out by China,
verified, and then in 62 days, they had the molecule or the virus, or excuse me, the vaccine developed so that they could start doing
heavy intensive testing on that and then some other versions. And that's just one example. But
the technology evolution has just been incredible. Now, it's taking too long for all of us. They're
waiting for some therapeutic and vaccine relief, of course, but something that normally takes years.
relief, of course, but something that normally takes years. It's incredible, just two months. So we know that there is an Oxford vaccine that they're doing with AstraZeneca, that that is
in phase three trials that phase one and two seem to be very successful so far. Again, we know it's
not over till it's over,
but that they're getting dual signals. You know, you're looking for some signal that the,
not just binding antibodies like we've talked about, but that there are neutralizing antibodies
and they're generated, that the body generates enough of them to be efficacious or destroy the
virus, clear the patient. But they're not only getting the antibodies,
and particularly the neutralizing antibodies, they are also generating killer T cells.
And those may be more durable. In other words, may maintain more immunity for us than just an
antibody response to a vaccine. And again, the vaccine is designed to trick the body, trick us
into thinking we've got the virus and generate all the protection. And then when we're exposed to a
infectious dose or load, which hopefully if everybody's wearing masks, we won't be,
we may be exposed to some virus, but not an infectious dose and certainly not a serious one.
So I think that's some good news right there is looking for
that durable response. They're trying to look at the, can people be reinfected? I think that
the main players in the United States are still very skeptical that people seem to retest positive
that there have been those reports anecdotal around the United States and the world, but
that maybe that's not happening. There's, you know, nobody knows for sure yet, but rather RNA remnants are there and,
or there's still some virus, but it's just as they call it. It's not a replication,
replicating itself. It's a replication incompetent, as they say. So stay tuned as 165 known vaccines continue to move their way through the phase one, two, and three trials.
Looking ahead to the LPRC and what we're trying to do here to continually support our community, we've got another upcoming call planned.
We don't have the date certain yet, but we're working on the outline right now.
Of course, it'll be a combination of routine protection, asset protection, obviously COVID-19 and going around the room, if you will, with retailers and understanding sort of their current state of affairs.
sort of their current state of affairs, but doing some lessons learned on both COVID and on the looting situation that we have seen and continue to see in Seattle and Portland
and every once in a while in some other places.
What are things that were tried?
What are things that they would do differently?
And what does that mean, the implications for them?
So we're excited to host another call coming up.
We have a planning call tomorrow for that.
The landing pages, we continue to update both on the looting and rioting,
as well as on the COVID-19 landing pages at LPRC's website, which is lpresearch.org, lpresearch.org.
All seven working groups maintaining a steady flow.
We've had an increase.
We were expecting a decrease in participation over the last 90 days.
And again, all seven working groups meet monthly by Microsoft Teams.
So we're excited to see there's a lot of progress,
good projects that are coming out of those.
And again, we're looking at retail fraud working group.
We're looking at retail fraud working group,
we're looking at violent crime working group, the ORC, product protection, supply chain protection,
among others. So we're excited to continue to support the community with these ongoing working groups. LPRC Innovate, Logan and team and Natanya have been putting in more technologies. We've had
visits from some of our solution partner members now. We can get them cleared into the UF Innovate
building to stand up the capability to communicate and all the technologies being put in.
Our online tour is being set up. Some of you know, we've got matter tags. In other words, we can tag things. So you put your cursor on. But with 190, almost 200 technologies, it's taking a little while, but we want to do it right. But we want everybody to be able to anywhere in the world at their convenience, come in and tour all four of our labs and get an idea of what we're up to. Our virtual reality LPRC's VR lab
is a platform that's amazingly functional.
It's cool and it's allowing us to explore different options
much more rapidly, much cheaper,
more cost-effectively than going out into places
and is safer and less disruptive.
So a lot of neat things happening at Innovate,
including our AI Solve concept where Dell and NVIDIA,
actually as we speak, are building a neat edge server for us
that will have some NVIDIA T4s, Tesla T4 GPUs in it,
four of them at least, a lot of space to provide some edge capability for the computer science and engineering students and faculty that we work with to work with us on training, not just singular stationary imagery algorithms or models, but it is also moving action models. So stay tuned as we continue to use that
for computer vision and other uses. So thank you to Dell Technologies and NVIDIA for that.
Malong, Eversine, Sensormatic, Axis, and Bosch. So far also, those five organizations
are prime sponsors of LPRC, but are helping us develop more and more capability, particularly in the AI realm.
So we'll update that as we get more going on.
So with no further ado, I'd like to turn it over to my colleague and friend, Tony D'Onofrio.
Tony, can you bring us up to speed on what's going on in the world?
Thank you, Reid, very much. Let me start with an aside because some interesting stuff that I'm
seeing in terms of COVID-19 and what is happening. I'm actually part of a Harvard University-based
consortium for operational excellence in retailing, and they're hosting now
two calls a week just updating in terms of what's going on
around the world. And yesterday they had a really interesting presentation from the Hong Kong
Institute of Textile and Apparel, which is led by a former supply chain executive from Walmart.
And what they've been doing, they came up with a new mask that's six layers that has copper,
they've been doing, they came up with a new mask that's six layers that has copper, that has like,
I think he said seven patents, and they're working now to deploy that. They first deployed it in Hong Kong, so they shipped millions of these within Hong Kong itself, and now they're working
on licensing it to retailers. So you'll start seeing really these advancements. What's unique about these is they maintain the filtration for up to 60 washes.
So you can actually wash these masks and they maintain their filtration of,
and they're N99, so they're above the current N95 that you can buy.
So they maintain the N99 for 60 washes.
So there's a lot, The reason I bring that up,
there's a lot of innovation going on around the world for interim solutions that can be leveraged.
And it was good to see that these will be licensed to retailers. So I'm anticipating that at some
point in the fall, you'll start seeing masks as a fashion statement. So that'll be interesting
to watch. But let me jump
to the data because there was a lot of interesting data that came out this week. So first, there's an
update from IHL in terms of where we're at through June 2020 in terms of U.S. retail. So the food
sector is up 13 percent through June. The drug sector is down 2%. Mess merch is up 4%. Department stores are down 20%.
Especially soft goods, which would include apparels, down 39%. Convenience is down 17%.
Restaurants are down 23%. And online pure play is up 18%.
The same presentation also provided the latest forecast
in terms of what's going to happen for the year.
So the updated projections for the year are for food and grocery to be up 12%,
drugstores to be up 7%,
mass merchandise to be up 11%,
department stores to be down 23%,
specially soft goods to be down 33%, and convenience to be down 23, especially soft goods to be down 33%,
and convenience to be down 19%.
And overall, retail will be down this year.
It will not grow.
It will be down, the current projection, say 7.6%.
Because we're having an uneven open and close in the U.S.
with the current spikes that Reid mentioned,
for example, in Florida, the number
of store closures have actually been increased. Right now, they're over 400,000. That's up over
100,000 from the previous forecast. 338,000 of these are small business, one-store chains.
So, small business is going to get severely impacted by this.
Large chains, 1,000 stores or more forecasts that have been out there anywhere from 24,000 to 25,000
stores that will be closed in that sector. So we're still going through some tough time and
the uncertainty right now in terms of what's going on in some of the states in the U.S.
uncertainty right now in terms of what's going on in some of the states in the U.S. will continue to drive this data. There was also a very good study that came out this week on inventory
distortion and what happens with out-of-stocks and over-stocks. So the problem, and this is an
ongoing study that NHL does every year, so the total in terms of what the inventory distortion in terms
of the problem is actually a huge number. It's 1.8 trillion. 81% comes from out of stocks and
19% comes from overstocks. And overstocks are deeper discounts that you had to take because
you actually did not manage the supply chain effectively enough.
And just to give an idea how bad this is,
this is equivalent to 10% of same-store sales in retail and hospitality.
The pandemic actually has made this worse.
We were actually improving this problem prior to the pandemic.
this problem prior to the pandemic. In fact, we were gaining on it by about $158 billion prior to the pandemic, but the pandemic caused major spikes because supply chain had major
issues. For example, sales of hand sanitizer were up 600%. Spray disinfectant, we're up 366%.
All-purpose screeners, we're up over 300%.
And so what was happening is typically there's a four-month supply chain in the pipe,
and that supply chain was basically being eaten up in two weeks,
which caused major, major problems for some of those favorite categories
that we talked about in the past,
toilet paper puzzles, all these kinds of things that were in high demand.
So the pandemic actually caused some severe impact. So I shall estimate that retailers experienced a $570 billion loss related to the surge and to the lockdowns.
The key technologies identified to solve this problem are computer-aided ordering, streaming
data, and IoT technologies such as RFID and cloud-based platforms.
And then finally, this study pointed to where the next battlegrounds are in retail, and they are really dealing with the age of the systems that are out there, and how do you integrate those to deliver an omni-channel experience, battle tools for associates, fixing inventory issues, and a lot more artificial intelligence and machine learning to address store operational issues.
That's a little bit on inventory distortion.
NRF this week also updated their latest study in terms of the importance of the retail industry to U.S. retail.
So retail continues to be the largest private sector employer in U.S.
the largest private sector employer in the U.S. and supports more than one in four USA jobs or 52 million in total. The GDP impact of retail in the U.S. is 3.9 trillion. And finally, this week,
also, NRF published their latest shrink survey. This is a national shrink survey that comes out of the University of Florida, jointly with NRF.
And so what the latest shrink survey found that shrink is an all-time high at 1.62% of sales,
costing the industry now almost nearly $62 billion.
We typically used to talk about the $50 billion range. Now it's at $61.7 billion,
to be exact. Much more of a priority for retailers in terms of the area of shrink are e-commerce
crime, organized retail crime, cyber crime, internal theft, and return fraud. And the top five systems that are being used for LP
are burglar alarms, DVRs, live customer CCTV, armored car deposits, and POS data mining.
So a lot of technology is actually discussed inside this study. So I would encourage everyone to read it. It's available from
the NRF website. But after reading it, I would also encourage you to engage with the LPRC,
because you can actually do a lot of optimization of how these technologies get deployed by working
with retailers and the data scientists at the Lost Prevention Research Council really to combat this growing problem of shrink.
And with that, I'm going to turn it over to Tom.
Thank you, Tony. Thank you, Reid.
So I'm going to talk a little bit about the protests first
and some of the civil disturbance really from a standpoint
of collecting and gathering information.
So regardless of where you lie from a political
standpoint, the news media is selectively providing information. So I know the traditional
thought process would be to go to the news for information. I think it's important now to just
remind everybody of all the other sources using social media monitoring and open source intelligence gathering in the dark web.
I've been working with a couple fairly large retailers on this. And unfortunately, a lot of
the information they're getting from the more traditional sources is either inaccurate or
missing things. So just a reminder to dust off that social media and open source intelligence
monitoring. I know at the LPRC and the
Innovations Working Group, we've talked a lot about that. It's also important to remember that
when you're in a really busy news cycle, that the news can only report certain things. So with
weather events, COVID, and normal kind of occurrences, you're not going to get that
full depth. So it's, you know, going out and actually pulling information and verifying information is very, very important. And that leads me kind of
to my second point of with a lot of the kind of phasing related to COVID-19 is very fluid and
changing. So I know that we're working directly with a client here at Control Tech who is in the
food services industry who is struggling with maintaining and keeping up with the regulations because each jurisdiction was different.
So I can say that what I'm seeing is there's quite a bit of civil unrest that's not being portrayed through the media for whatever reason.
Certainly, we're hearing a lot of the talk about federal
agents in Seattle and so on and so forth. But when you dig deeper, there is still a couple
pockets in the United States that are experiencing protests that are violent and destructive.
So turning over to the cybersecurity and risk, COVID-19 has impacted our lives in many aspects.
One of them is the emerging trend in cybersecurity.
Threats are larger on a global scale than anything that we've seen.
Most governments globally now are reporting an increase of cybersecurity reports.
The FBI and the Department of Justice reported that they're getting about 3,000 to 4,000 complaints, a lot of these coming through the Federal Bureau of Investigations Internet Crime Complaint Center.
The scary part here is the increase in complaints.
What they're registering is only what they know. not everybody actually files these complaints. It takes time, but it's a huge, huge increase throughout the United States, as well as the European Union have already stated that the risk
from hackers has increased at almost unmeasurable numbers related to specifically the COVID-19.
There is a 350% surge in phishing attacks directly related to COVID-19.
So I know we talk about this weekly, but I think it's really important to talk about
the magnitude and how it's not slowing down.
If anything, it needs to be increased.
There's continued attacks in the financial sector as well as enterprise to get worker
information for identity theft.
Infrastructure in developing countries is really struggling, where in some of these developing countries that don't have the
robust governments are really struggling and their utilities are being attacked and their
central banks are being attacked. Working from home, although I think now you have a lot of the
country that is starting to transition back to offices,
you still have a significant amount of people working from home, poses cybersecurity challenges for businesses.
91% of enterprise reported an increase in cyber attacks.
This was a survey done by Opinion Matters. They surveyed over 3,000 executives in the United States, and they saw a 91% reported
increase in enterprise attacks.
This is folks that are in fairly large enterprise companies that really reported this.
If you think about the climate and everything that's going on, that level of increase is
significant.
going on, that level of increase is significant.
Malware specifically designed to attack in COVID-19 was up about 92%. It's important to note that malware in general was up.
So when we say it's up 92% post-COVID, pre-COVID, it was still well above 50% compared to last
year.
So these are just challenges that will continue to occur that are
magnitude. There was an interesting report done specific to Singapore, but I think Singapore is
a developed country. So I think you would see similar results. There are a whole bunch of
cybersecurity experts that really talked about it. One, Rick McCoy from Carbon Black,
talked about it. One, Rick McCoy from Carbon Black, really talked about the global situation related to COVID-19 and the business resilience and disaster recovery planning and how organizations
who really thought they had great disaster recovery and business resilience found out
how inept it really was. Again, this was specific to companies that were housed in Singapore, but
I think when you read through these type of things, you realize that it really plays to all
of us. One of the key things that came up in the reporting is that companies that delayed
implementing multi-factor authentication appear to be facing the largest amount of challenges in
Singapore. So about 30% of the companies in Singapore that were in this study did not institute
multi-factor authentication and that created a challenge.
And for those of the listeners that don't know what multi-factor authentication is,
it means when you go to log into an account, whether it be an enterprise-wide account or
a public account, there's a secondary authenticator.
Usually, it's a text message. It also can be an authentication app.
So for those listeners that don't have that enabled in everything, go and do it.
It's free, and just about every service is available.
Most banking and financial institutions require it if you're logging in to a different location.
But Facebook, Gmail, Instagram, they all have it.
It takes an extra second or two, and it really adds quite a bit of a layer of protection.
A lot of companies resist it because of the challenge of training. So it's important to
really run there. And back to the kind of the same thing from another report, not related to
Singapore, but a global report that really talks about the gaps
in business recovery planning. 90% of the folks globally in this study that were talked to,
89.9% described that their business recovery plans on paper were very good, but when they
went into the pandemic, they realized the gaps there. 86% of those participants also identified general, not just cybersecurity, but IT operational gaps. So it's really important to know that this is a good, if you can take some light of COVID-19, it allows you to really say, this is a worst case scenario. What are some of the infrastructure gaps I have or seen? I know specific to asset
protection and loss prevention, there's been a lot of conversation around remote video,
remote capability, the ability to see and touch your stores via video, how many retailers in the
United States had different levels of remote capability, and how important it was when it came through.
And with cybersecurity and really security in general, education and awareness is the key to success.
So yes, some of this is repetitive.
Obviously, these are new numbers, and we've been talking about some of the things over
the years.
But it's so important to really continuously drive the education awareness.
That's what helps uh with
cyber security and physical security as well and then i want to just close on a note that a few
podcasts ago we talked about um something that i saw on the dark web related to countermeasures and
some bugaboo guys and it actually was about i think it was three three episodes ago and it did
uh surface and national media so that was something that I had saw, and we'd worked with the LPRC on the dark web almost a month before
the national media picked it up. And it's just a reminder. And what it was, was that there were
groups going out and creating, organizing fictitious protests to divert law enforcement and to divert the
counter groups so this was specifically designed to get Antifa one place and
another group another place and then also this just banned law enforcement so
a reminder that when you are using your social media that the fact-checking and
validation and understanding that it's not an exact science is important. So over to you, Reeve.
All right.
Many thanks to you, Tom, for that briefing.
And life is like an iceberg, right?
There's a lot going on beneath the surface there.
That we really, those of us that are not just trying to understand and test solutions,
but you all, the frontline, the practitioner,
obviously the more situational awareness and understanding
that all of us have, the better.
So I appreciate that, Tom.
And thank you, Tony, again, for such a thorough briefing
and looking at the macro scale,
particularly in looking at retail
and what's going on in the United States
and around the globe.
So I want to wish everybody out there a safe and productive rest of the week. Please at any time
reach out to LPRC or lpresearch.org. Let us know your questions, your comments, your suggestions.
If you're a member, we encourage you to get involved. Get as many of your team members
involved as you want. It's a family membership in the working groups and using our Knowledge Center, the app.
The app is amazing. It's got feeds that come in from LP Magazine and D&D and Security Magazine,
all kinds of sources. So it's a one-stop shop. It's sort of a Twitter feed style, if you will,
but also then can allow you and connect
you into the working groups and the projects that are underway or that you might want to get
involved in and so forth. So it's a really neat app. The Knowledge Center is very thorough and
updated continuously. So I encourage you to do that. Take advantage of any and everything you can.
So from Gainesville, I want to thank again, Tony and Tom and Kevin.
Stay safe out there.
Thanks for listening to the Crime Science Podcast presented by the Laws Prevention Research Council and sponsored by Bosch Security.
If you enjoyed today's episode, you can find more Crime Science episodes and valuable information at lpresearch.org.
The content provided in the Crime Science Podcast
is for informational purposes only
and is not a substitute for legal, financial, or other advice.
Views expressed by guests of the Crime Science Podcast
are those of the authors
and do not reflect the opinions or positions
of the LF Prevention Research Council.