LPRC - CrimeScience – The Weekly Review – Episode 52 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio
Episode Date: April 8, 2021Optimism in Retail Success Increasing and Cyber Security is Increasing! In this week’s episode, our co-hosts discuss these topics and more, including Vaccine Testing Increases, Happiest Countries ar...e Released, Microsoft Exchange has Security Issues, and Ransomware Research is Analyzing Costs. Listen in to stay updated on hot topics in the industry and more! The post CrimeScience – The Weekly Review – Episode 52 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio appeared first on Loss Prevention Research Council.
Transcript
Discussion (0)
Hi everyone, welcome to Crime Science. In this podcast, we aim to explore the science of crime and the practical application of this science for loss prevention and asset protection practitioners, as well as other professionals.
We would like to thank Bosch for making this episode possible.
We use Bosch Camera's onboard intelligent video analytics to quickly locate important recorded incidents or events.
Bosch's forensic search saves you time and money by searching through hours or days of video within minutes to find and collect video evidence.
Learn more about intelligent video analytics from Bosch in zones one through four of LPRC's zones of influence by visiting Bosch online at BoschSecurity.com.
Welcome everybody to another episode of LPRC's Crime Science Podcast. today, our latest in our weekly update series. And we now, as we learned before, well over 50
of these in the special series, joined by my colleagues, Tom Meehan, Tony D'Onofrio,
and by our LPRC producer in this case, Diego Rodriguez. And I want to welcome everybody.
I'll start off with just a little bit of an update.
We've all been hearing over the last 50 episodes about COVID-19 in particular,
you know, prevention and therapies and vaccines and masking and so forth. And so, you know, research continues on all fronts, of course. I mean, it's just,
I think an unprecedented number of research studies
have been and continue to be conducted around the world. So just the, again, the accumulated
learning by the scientific community, the medical community around viruses and viral transmission
and how to treat, how to prevent, and dispelling some old wives tales. Even the six foot rule came from, it seemed somewhat dubious beginnings or something that
wasn't particularly on point.
It's been refined and has demonstrated to provide some good separation.
And the intent is to keep the viral particles from entering another person, or at least
not as many as we've talked about viral particles.
But is it too much or not enough space and things like that are still under heavy scrutiny
in research right now.
We know that many schools have lessened that distance based on CDC guidance.
Again, these remain open questions, and there's not going to be definitive answers, most likely.
We heard a lot last year about sunlight and the detrimental effect that it has on viruses, in particular the SARS-CoV-2 virus causing the COVID-19 disease.
Emerging research now shows that sunlight is very powerful and recommended that people not get overexposed
in the sun like most people in the state of Florida that might have pre-skin cancer or skin
cancer, but rather enough to deactivate the virus. And in fact, it looks like sunlight is
eight times more destructive to the virus than had last year in 2020 been predicted or initially thought.
So it does seem to be, as the sun reemerges across the globe, a good sign in the northern hemisphere anyway for further degrading the virus and reducing its transmission.
But we did start to learn late 2020 that really airborne, aerialized transmission was the
main key.
But again, in sunlight, this is going to reduce that transmission to a certain extent.
So according to the new science, the variants continue to dominate the news since we've talked about before,
certain variants are including different types of disorder on each of the spike proteins and other parts of the virus.
And again, the vaccines are designed to affect and replicate that spike protein.
That's sort of the key to get into the cell to unlock the lock.
But fortunately, it looks like the currently developed vaccines still have efficacy against the variants.
But the concern, again, is a race to get shots in arms to preclude as much rapid variation as we're seeing right now across the globe.
And it is the good news there.
Closing in on 700 million humans across the world have received at least one dose of the vaccine.
That's just an incredible number in the United States.
Well over 100, 100 plus million people, Americans have now received at least one dose.
Well over 60 plus million are fully vaccinated in the United States
with the two doses or the one if it's the J&J. We're still awaiting Novavax's data, which is
probably still one to two months away as far as their application for emergency use authorization.
But in the meantime, Pfizer and Moderna have continued to ramp up production and distribution under Operation Warp Speed.
Johnson & Johnson the same, even though we understand there was a mishap in the manufacturer that was making both the J&J Janssen vaccine as mixed up the two, causing 13 to 15 million doses to have to be
discarded, which is pretty tragic considering especially that those are one-dose vaccine
options, even though we've heard earlier that J&J is working on the two and even possibly more
dose protocols just in case or to learn if there is some increase in efficacy by adding another second one.
Dose, Pfizer and Moderna continue to issue pretty good news.
Pfizer, especially in the area of going down to much younger children, to pregnant and
breastfeeding mothers, and showing in these randomized controlled trials the safety and
efficacy of the vaccine.
And in those special use cases, many, many more states,
of course, across the United States, going down to 18 or even 16, now making it fully available.
I know here in the state of Florida, beginning yesterday, on Monday, the 5th of April, 2021,
they started ministering to 16-year-olds and above where the vaccine was there because, you know, close to 80
plus, over 80 percent of the most vulnerable had been vaccinated. The governor in that state
made that a priority. And across the nation, you know, it's good news that well over 70 percent
in that category have been vaccinated and just a massive amount of vaccination that took place in elder care centers.
Pretty significant in that case as well.
But there continue to be Gen 1, Gen 2, and possibly Gen 3 anti-COVID-19 vaccines underway in production and testing. But we know that in preclinical,
there are dozens in phase one clinical trials, 50 vaccines being trialed in human clinical trials.
In phase two human clinical trials, 35 additional vaccine candidates being trialed. And presumably they all obviously made
it well out of phase one. But there are now still 23 in phase three trials that have made it past
the first two hurdles after making it out of preclinical testing. And again, there are five
with emergency use authorization, including J&J, Moderna, and Pfizer, as well as now eight globally
fully approved vaccines.
So the vaccines are here.
Again, we're closing on three quarters of a billion humans across the globe that will
be vaccinated probably in the next six to nine weeks.
Here at the University of Florida, I walked over by the swamp, the UF
stadium, football stadium, and saw the students carefully spaced out forever and ever, but they
vaccinated 5,000 University of Florida students yesterday. And they estimate at the 5,000 pace
that they were able to sustain that they'll vaccinate 20,000 UF students this week alone. So now with the vaccines more
broadly available and approval and authorization to go down much lower, that's there making that
available. So this is what we need. There's still advice and recommendations anyway to continue to mask up even if you're two weeks past your Pfizer,
Moderna, or J&J vaccination. If you're fully vaccinated, you're not considered that normally
until two weeks after that second or that final dose, let's put it that way. But even in that case,
in abundance of caution and very close confinement with others that are not vaccinated or that you're not residing with and so on. They're recommending that people wear masks too, because even the
best vaccine is 95%, which is amazing. Anything above 50% is pretty fantastic. And 100% for
serious, but it doesn't preclude getting some sort of moderate or low-grade illness because 95%
means 5% or more are still vulnerable, just depending on the luck, the dosing, and so on
that we've talked about over the last podcast episodes. Switching gears over here, the LPRC
team working on an overall at-a-glance calendar of events. We've determined, I mentioned before,
that there are really 86 touch points for LPRC members throughout the 12 months of a year,
which is pretty exciting. We've got seven working groups, which means 10 touch points with each of
the working groups throughout the year. So LPRC members get their team, get a team member, one or more into each of the working groups so that they can
work with their counterparts, work with solution partners, engineers, and scientists throughout
the year on supply chain protection, retail fraud prevention, violent crime prevention,
shoplifting and other theft prevention through the product protection
working group. We've got an organized retail crime group with top investigators in there
working together with law enforcement, the supply chain protection working group,
the data analytics working group, and the innovation working group, all meeting 10 times
throughout the year, 70 touch points there. A minimum of 10 LPRC webinars, which we've done
for years now, roughly one a month for at least 10 months, even though this year with the LPRC
innovates AI solver, artificial intelligence solve, you'll see additional probably around six
webinar events as well. But regardless with 10, there's another 10. And then we've got
six LPRC events, right? So we've got Kickoff, Ignite, and then we have our Product Protection
Summit. We've got a Supply Chain Protection Summit, Violent Crime Summit, and then, of course,
LPRC Impact. So these 86 touch points will be an at-a-glance calendar for everybody.
We've been working away too on meeting on using FusionNet and behind the scenes with Cobwebs,
Cognite, other Intel supporters regarding the Chauvin trial in Minneapolis. Tom may or may not
touch on that a little bit depending on his timing. But we're paying very, very close attention, obviously, with the active shooter, active assailant,
mass assailant event in the King Soopers in Boulder,
hopefully looks like an aborted one that took place in a public supermarket in Atlanta.
And then some other mass shootings that have occurred.
Mark in Atlanta, and then some other mass shootings that have occurred.
A very nice tight look, if you will, where we're conferring with all kinds of experts and in fact, conducting a couple of surveys right now with the retailers around this.
But we're looking at some of the points, you know, we look at crime scripting, but, you
know, what are some background issues that might set somebody off, or what are
some of the personal mental and cognitive characteristics, their behaviors, and so on,
that might indicate or signal to others that there's a concern. But we're looking at what
might activate that, something, a response that an individual might have and where they might go to carry out that.
That's their response. So, you know, there are a range of triggers, there are a range of responses.
Somebody might take their own life or they might just seek counseling. They might just get over it.
There are a whole horizon or they might take action to harm others, like in the case of an
active assailant. So
we're looking at what kind of leakage, what kind of signaling could go on in social media,
in physical appearance, hygiene, workplace activities, behavior, productivity,
interpersonal relations. Do we see what signals might be meaningful to know and understand?
On the other side, so that's the before bang.
We're also looking at bang or just right before bang.
What guardianship signals might prevent somebody from actually launching a harmful act like being an active killer?
So what guardianship levels, if there's nothing there, if there's some kind of technology, again, sort of
the see, get, fear, or respond. We're looking at if it's a human intervention, a law enforcement
officer, a security officer, or something like that, authoritarian figure, if they're armed or
not, what they're using. The issue is that in any given event, it just seems to be unknown and even unknowable if one thing or a
combination of things would stop somebody not from being triggered from actually launching or
initiating an attack. And so we have, we're trying to find if there's any evidence that it has
or find out if we can find evidence that it might, we do have evidence that it does not
always, or we don't know when that might be, but we know in the terrorist shooting in Orlando,
the Pulse nightclub shooting, we know in the Parkland school shooting, we know in many,
many other shootings we've looked at, the active or mass assailant events where there were uniform armed police officers
that were there. They were known to be there by the assailant. They were either ignored or they
were bypassed or they even were initially attacked. And so there's evidence that even the most heavily
armed situation may not preclude that. The same thing on some of these military post-active killer events and so on like Fort Hood.
So stay tuned.
But whenever, again, we've talked about this, when you're a victim of a crime, when we're
a victim of a crime, our people, our places, we're on the defense.
And there are generally no good options.
There are certainly no great ones.
It's just a matter of which option or options might help in this case.
And again, we're seeing people that are a month out from two vaccines, that are double
masks, that are keeping distance, and they get the COVID-19 disease.
We know that people that have never smoked can get lung cancer.
So there's
a lot of mystery in life. And as scientists, we are working together with you all trying to make
sense of the world. But so stay tuned, more and more research to come. So let me do this. Let me
go over with no further ado to Tony D'Onofrio. Tony, if you can enlighten us, what's going on
around the world? What can we look forward to? How can we get involved? Thank you very much, Reid, and great update. And just
to mention, this week, we're also going to make some progress on LPRC Europe. More work is being
done in terms of follow-up. The retailers in Europe will receive some of the follow-up material,
including a survey to move the next steps and looking forward to getting the US
teams all engaged more with the Europeans team in terms of this expansion. But let me switch to some
good data that's coming out from multiple sources. I'll start with some good news from the Consumer
Confidence Index as it was published in ChainStorage. The conference board consumer
index in March rose to its highest reading in over a year after a modest increase in February.
The index now stands at 109.7 from 90.4 in February. The percentage of consumers claiming business conditions are good increased from 16% to 18%, while the proportion claiming business conditions are bad fell from
39% to 30%. The percentage of consumers expecting business condition will improve
over the next six months rose from 30% to 40%, and the percentage of expecting business conditions to worsen
declined from 17% to 11%. So in general, we are feeling very optimistic as consumers that
things are going to get much better as the year progresses. So that's good news.
On a lighter note, because I do like to bring some lighter good news to this podcast,
I do like to bring some lighter good news to this podcast.
This week we saw from the World Happiness Organization the top 10 countries that are the happiest in the world.
And this year was an unusual survey based on COVID.
But the top 10 countries that are happiest in the world in 2021
are Finland, Iceland, Denmark, Switzerland, Netherlands, Sweden, Germany, Norway,
New Zealand, and Austria. So Scandinavian is all over the top 10, which is interesting,
and that continues to be the case. So they must be doing something right. The UK ranked 17th and
USA ranked 19th. As one would expect with lockdowns and physical distancing, the pandemic
did have a significant impact on workforce well-being. Falling unemployed during the pandemic
is associated with a 12% drop in life satisfaction. The report also points out towards a hybrid future of work that strikes
a balance between office life and working from home to maintain connections while ensuring
flexibility for workers, both of which turn out to be key drivers for workplace well-being. So
things are changing in terms of how we work impacted by the pandemic but there are certainly
some lessons we can learn from the rest of the world and finally i'm going to end one of my
favorite annual reports that comes out every year from ris news where they analyze what's happening
with retail technology inside stores they've been doing this for a while. This is their 31st annual retail technology
study, which this year they titled Building the Future-Proof Retail Enterprise.
When the retailers that were polled were asked to describe the current state of retail,
the words that they used the most are changing, transforming, influx, and unpredictable. The top five challenges
for the next three years that retailers are seeing are application integration, retiring legacy
systems, change management, Amazon, Walmart, and Alibaba, and consolidating channel silos. The top five technology-driven strategies for the next 18 months are
expanding unified commerce initiatives or omni-channel initiatives,
improving network and IT system security,
advancing analytics and capabilities,
developing personalized marketing capabilities,
and advancing mobile commerce for consumers.
Retailers report that 31.6% of overall sales now come from digital channels compared to 23% last year.
This massive jump is expected to continue but not at the same pace.
And it basically says that retailers are going to continue to invest and improve digital experience, which I believe is critical in terms of the future of retail. digital focus areas for the next two years are customer relationship management and personalization,
email, mobile, text marketing messages to consumers, product and catalog management,
product recommendations, and distributed content management, and a repository for that information.
The good news for this audience is the store is still going to be at the epicenter of retail going forward, so store remain critical. The top three investments
going into stores today are mobile devices for associates and managers, in-store pickup,
and return of web goods, and real-time moderating and KPI. The top three in-store
investments in the next 12 months are clienteling and guided selling, location-based sensing for
marketing and communication, and shopper tracking capability. Curbside pickup is getting a lot of attention in the store level. 33% have it today.
27% are currently implementing it.
And 10% will implement it in the next two years.
And finally, on the data front from this report, lots of focus is going into store analytics
with the top five focus areas in analytics being multi-channel customer behavioral segmentation, campaign
analysis and forecasting, inventory optimization, which I think is the most critical, multi-channel
frequent shopper and loyalty shopping, and market basket analysis. It's a favorite report. In fact,
I'll use it as one of my base for one of my next blogs. But let me summarize this week in terms of the key lessons learned from all this.
The good news is that increased consumer confidence is another indicator that retail is coming back strong.
Lots of lessons that can be learned from those happy countries as we emerge into the new normal.
Technology is leading retail back
and retailers are intensifying focus
on understanding the needs of the green shopper.
For this audience especially,
it's important that they not forget the red shopper
because all these new technologies
will open new opportunities for shrink and tap
and other challenges in retail.
And to all that, I would encourage everyone to engage with LPRC
to continuously improve the processes for both the green and the red shopper.
And with that, I'm going to turn it over to Tom.
Well, thank you, Tony. Thank you, Reed.
And Tony, you set the stage perfectly for me.
And what we're going to talk about is risk, right?
We always talk about it.
And I think I want to really highlight today that while a lot of the things that I speak about on the podcast inherently feel like cybersecurity, they're increasing the threat landscape significantly within the four walls of retail
and also beyond the unified.
Increase the digital protection risk includes some of the traditional physical security
methods.
It isn't your grandmother's cybersecurity anymore.
This is a completely different landscape.
And as we digitize and as we continue to use data to make decisions, both within asset protection and out, the threat landscape increases dramatically.
So a lot more to come.
And that leads me to kind of a couple of key stories around risk. And I'll start with the ones that are more cybersecurity related, but there was a Microsoft Exchange server vulnerability that was discovered a few weeks back, and it's highly recommended to
patch. Basically, what it allows is it allows malicious code to be executed through a vulnerability.
And to date, it feels like, based on the numbers, that there is a very small percentage of U.S.-based Microsoft Exchange servers still vulnerable.
A lot of folks are not using our traditional Exchange server and are using cloud-based.
But if you are using a Microsoft Exchange server, you want to make sure that you have it patched and updated.
There's actually numbers that were available last week.
While this is relatively insignificant in the scheme of things, there was about reminding,
this affects all of us from big business to small
to just end users and consumers
of when that update becomes available
for your phone, for your computer,
the importance of really going ahead
and updating as soon as possible.
The easiest threat vector for attackers to attack is known vulnerabilities.
They can do it by them. They can set up scripting and really do it on its own. It doesn't require
a ton of sophistication, and they're just basically looking for that open window or open door.
So the importance of patching, I can't stress enough. And that leads me to my next conversation
about there was an iOS update. So if you're an iPhone user, there was a critical security vulnerability that was announced.
The update was released last week.
If you don't have automatic updates on your phone, you want to go ahead and you want to update that.
I know for some folks it's challenging and could create challenges if you use side loaded apps. so apps that are outside of the App Store. I know for
some organizations, they have a different process. But this, again, is a known vulnerability. So
right now, there are people attacking that vulnerability. And basically, they're opportunistic
in some senses. But it leads me to just continuously remind folks that do the update. I
know that sometimes it can be cumbersome and a challenge, but it definitely is something you want to do.
Currently in the cybersecurity world, there are really two main ways that bad actors get into systems.
One is through a phishing campaign, whether that phishing leads to malware or a ransomware. As we all know, phishing is those
emails or those attempts that you get to replicate what looks to be legitimate and getting someone to
actually take a human action and click on a link, enter credentials. That's one of the biggest ways.
And really the second biggest way is through unpatched vulnerabilities. So while neither one of these are slam dunk simple things to do,
the patching is something that doesn't require a lot of interaction. So I think it's very,
very important to talk through that. We continue to see kind of global nation state attacks. I
think we talked about it last week, so I'm not going to go into it in too much depth because there's not a lot of information.
Interestingly enough, which is a very odd occurrence, there was a fairly well-known European or thought to be European hacking group where one of the folks went out and did an interview. It was a several-hour interview, actually,
and really highlighted some of the things that we talk about on the LPRC podcast.
And the LPRC highlighted the fact that these groups are sharing information constantly,
doing research.
And there were three kind of things that I took away from this very long interview that were really interesting. One is
the amount of research that these groups are doing and what the name of the group is Revel,
what they were doing is they were actually spending time looking at cyber and security
insurance companies' websites to see who their customers were and targeting them because they
thought in a ransomware environment that they would get larger payouts. And they claim that they actually tested this
theory and for bigger companies that have cyber insurance, that they get paid quicker and more
payouts. So they were doing the research and actually, you know, kind of taking a really,
I don't want to say scientific, but is a scientific, but going through and really a
methodical approach more of, we're going to research these companies and spend a lot of time trying to identify targets where we'll get paid.
The other thing that was said, the second thing that was said that was really interesting is that certain governments, they were not going to attack because of, and he didn't say this outright,
but you can kind of read between the lines, but they knew that the action would be significant.
So kind of along the lines of, yeah, the U.S. might arrest you and send you to jail,
but they got to find us and they got to come overseas and we're in a non-extraordinary
country. But yeah, we're not going to hack Russia because they're going to kill our family type of thing. And that's literally what they said. So taking the, the kind of the approach
of the see it, get it feared as what I thought about is they understand the risk of attacking
certain people or certain countries. So they're very focused on places where there's less breaks.
And then the last thing, which kind of leads back to the LPRC thing is, um, there, you know, the, the open exchange
of information. So, um, you know, one of the comments made was that we don't, they don't
intermingle with other groups in the sense of sharing information, um, that you would think
that would work against them, but they do often share information on countermeasures that government officials use. And one of the
things that came up was, you know, the FBI seizing sites and arrests that are made from the FBI.
And, you know, they were talking about how to avoid arrests and what to do if you're raided.
So very, very interesting interview. And really, I say, we say this all the time,
it kind of reminded me of the LPRC offender interviews but more importantly
it just you know reinforces the fact that you know talking about things is so important and
sharing information and then lastly I'll leave this again a lot of cybersecurity stuff today and
I have two more topics one is we talked about the Verdaka breach, which was the camera breach that did affect some retailers and affected over 150 companies.
There was an arrest made. The arrest was a seizure made.
This person has not been extradited to the U.S. yet.
But one of the actors in the Verdaka breach, they were pretty vocal about it.
They went to Twitter. They went out to the dark web, they talked about it. So the US attorney has filed several many in the group, the name of the group is called the Aristocats.
It's a hacking group that is unnecessarily organized group as much as a group of individuals throughout the globe that are hackers.
But they are organized in the methodology that they communicate and they have some group meetings.
methodology that they communicate and they have some group meetings. This arrest just kind of shows the fact that when these breaches happen, that the U.S. government takes them very seriously
and goes after it. And then I'll end up kind of with the Chavez trial in Minneapolis and what
we're hearing. There is a tremendous amount of media attention, which in some cases, based on
what I'm seeing in some of the groups, is fueling kind of potential civil disruption. What I would say is in the Minnesota markets that I'm watching,
there is a lot of conversation about protests, but based on what I'm reading and seeing,
certainly the organizers are talking about non-violence
and signage and really being respectful to it.
So I think a lot of that, and this is definitely my opinion has to do with the media attention.
Um, cause most of the media attention is, uh, in, in reflection of thing, you know,
um, the chief of police saying what, what occurred shouldn't have occurred.
People talking about that, you know, that most of the testimony that the, the, that the media is
leaking is, you know, not inciting folks more showing that people are compassionate and running
through. There was a very interesting post just yesterday related to, again, if there was not strong action taken
on the other officers, that there would be a significant disruption throughout the U.S.
I think that the thing about that post that was interesting is it had a lot of folks on it. It
was a Telegram post, but it really was just people, what I would say, venting on Telegram. They weren't really
talking about organizing. They were talking about the action that would occur if something didn't
occur. So we'll continue to look at that. We'll continue to watch that through the FusionNet,
as well as some of the unfortunate mass shooting and active shooters. Actually, I spoke to, you know, one of my law enforcement sources last week around mass shootings.
And he's, you know, you know, he basically talked about the media attention and some of the things that were occurring and what law enforcement was seeing.
And to Reed's point earlier, what his comment was, is that, you know, the counter, in the Capitol with the ramming of two Capitol Police officers. So we talked a little bit about that
as well. So stay tuned for more, and we'll continue to keep bringing things to you. Over to you, Reed.
All right. Thanks so much, Tom. Thank you, Tony. So that's it from the team here. And we wish everybody a safe, active, productive week ahead. And please let us know your questions, comments, and becoming a member of the LPRC research and results community.
So signing off from Gainesville, this is Reed Hayes. Thank you.
Thanks for listening to the Crime Science Podcast presented by the Loss Prevention Research Council and sponsored by Bosch Security.
If you enjoyed today's episode, you can find more crime science episodes and valuable information at lpresearch.org.
but you can find more crime science episodes and valuable information at lpresearch.org.
The content provided in the Crime Science Podcast is for informational purposes only and is not a substitute for legal, financial, or other advice.
Views expressed by guests of the Crime Science Podcast are those of the authors
and do not reflect the opinions or positions of the Loss Prevention Research Council.