LPRC - CrimeScience – The Weekly Review – Episode 52 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio

Episode Date: April 8, 2021

Optimism in Retail Success Increasing and Cyber Security is Increasing! In this week’s episode, our co-hosts discuss these topics and more, including Vaccine Testing Increases, Happiest Countries ar...e Released, Microsoft Exchange has Security Issues, and Ransomware Research is Analyzing Costs. Listen in to stay updated on hot topics in the industry and more! The post CrimeScience – The Weekly Review – Episode 52 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio appeared first on Loss Prevention Research Council.

Transcript
Discussion (0)
Starting point is 00:00:00 Hi everyone, welcome to Crime Science. In this podcast, we aim to explore the science of crime and the practical application of this science for loss prevention and asset protection practitioners, as well as other professionals. We would like to thank Bosch for making this episode possible. We use Bosch Camera's onboard intelligent video analytics to quickly locate important recorded incidents or events. Bosch's forensic search saves you time and money by searching through hours or days of video within minutes to find and collect video evidence. Learn more about intelligent video analytics from Bosch in zones one through four of LPRC's zones of influence by visiting Bosch online at BoschSecurity.com. Welcome everybody to another episode of LPRC's Crime Science Podcast. today, our latest in our weekly update series. And we now, as we learned before, well over 50 of these in the special series, joined by my colleagues, Tom Meehan, Tony D'Onofrio, and by our LPRC producer in this case, Diego Rodriguez. And I want to welcome everybody.
Starting point is 00:01:02 I'll start off with just a little bit of an update. We've all been hearing over the last 50 episodes about COVID-19 in particular, you know, prevention and therapies and vaccines and masking and so forth. And so, you know, research continues on all fronts, of course. I mean, it's just, I think an unprecedented number of research studies have been and continue to be conducted around the world. So just the, again, the accumulated learning by the scientific community, the medical community around viruses and viral transmission and how to treat, how to prevent, and dispelling some old wives tales. Even the six foot rule came from, it seemed somewhat dubious beginnings or something that wasn't particularly on point.
Starting point is 00:01:51 It's been refined and has demonstrated to provide some good separation. And the intent is to keep the viral particles from entering another person, or at least not as many as we've talked about viral particles. But is it too much or not enough space and things like that are still under heavy scrutiny in research right now. We know that many schools have lessened that distance based on CDC guidance. Again, these remain open questions, and there's not going to be definitive answers, most likely. We heard a lot last year about sunlight and the detrimental effect that it has on viruses, in particular the SARS-CoV-2 virus causing the COVID-19 disease.
Starting point is 00:02:38 Emerging research now shows that sunlight is very powerful and recommended that people not get overexposed in the sun like most people in the state of Florida that might have pre-skin cancer or skin cancer, but rather enough to deactivate the virus. And in fact, it looks like sunlight is eight times more destructive to the virus than had last year in 2020 been predicted or initially thought. So it does seem to be, as the sun reemerges across the globe, a good sign in the northern hemisphere anyway for further degrading the virus and reducing its transmission. But we did start to learn late 2020 that really airborne, aerialized transmission was the main key. But again, in sunlight, this is going to reduce that transmission to a certain extent.
Starting point is 00:03:30 So according to the new science, the variants continue to dominate the news since we've talked about before, certain variants are including different types of disorder on each of the spike proteins and other parts of the virus. And again, the vaccines are designed to affect and replicate that spike protein. That's sort of the key to get into the cell to unlock the lock. But fortunately, it looks like the currently developed vaccines still have efficacy against the variants. But the concern, again, is a race to get shots in arms to preclude as much rapid variation as we're seeing right now across the globe. And it is the good news there. Closing in on 700 million humans across the world have received at least one dose of the vaccine.
Starting point is 00:04:30 That's just an incredible number in the United States. Well over 100, 100 plus million people, Americans have now received at least one dose. Well over 60 plus million are fully vaccinated in the United States with the two doses or the one if it's the J&J. We're still awaiting Novavax's data, which is probably still one to two months away as far as their application for emergency use authorization. But in the meantime, Pfizer and Moderna have continued to ramp up production and distribution under Operation Warp Speed. Johnson & Johnson the same, even though we understand there was a mishap in the manufacturer that was making both the J&J Janssen vaccine as mixed up the two, causing 13 to 15 million doses to have to be discarded, which is pretty tragic considering especially that those are one-dose vaccine
Starting point is 00:05:32 options, even though we've heard earlier that J&J is working on the two and even possibly more dose protocols just in case or to learn if there is some increase in efficacy by adding another second one. Dose, Pfizer and Moderna continue to issue pretty good news. Pfizer, especially in the area of going down to much younger children, to pregnant and breastfeeding mothers, and showing in these randomized controlled trials the safety and efficacy of the vaccine. And in those special use cases, many, many more states, of course, across the United States, going down to 18 or even 16, now making it fully available.
Starting point is 00:06:13 I know here in the state of Florida, beginning yesterday, on Monday, the 5th of April, 2021, they started ministering to 16-year-olds and above where the vaccine was there because, you know, close to 80 plus, over 80 percent of the most vulnerable had been vaccinated. The governor in that state made that a priority. And across the nation, you know, it's good news that well over 70 percent in that category have been vaccinated and just a massive amount of vaccination that took place in elder care centers. Pretty significant in that case as well. But there continue to be Gen 1, Gen 2, and possibly Gen 3 anti-COVID-19 vaccines underway in production and testing. But we know that in preclinical, there are dozens in phase one clinical trials, 50 vaccines being trialed in human clinical trials.
Starting point is 00:07:18 In phase two human clinical trials, 35 additional vaccine candidates being trialed. And presumably they all obviously made it well out of phase one. But there are now still 23 in phase three trials that have made it past the first two hurdles after making it out of preclinical testing. And again, there are five with emergency use authorization, including J&J, Moderna, and Pfizer, as well as now eight globally fully approved vaccines. So the vaccines are here. Again, we're closing on three quarters of a billion humans across the globe that will be vaccinated probably in the next six to nine weeks.
Starting point is 00:08:01 Here at the University of Florida, I walked over by the swamp, the UF stadium, football stadium, and saw the students carefully spaced out forever and ever, but they vaccinated 5,000 University of Florida students yesterday. And they estimate at the 5,000 pace that they were able to sustain that they'll vaccinate 20,000 UF students this week alone. So now with the vaccines more broadly available and approval and authorization to go down much lower, that's there making that available. So this is what we need. There's still advice and recommendations anyway to continue to mask up even if you're two weeks past your Pfizer, Moderna, or J&J vaccination. If you're fully vaccinated, you're not considered that normally until two weeks after that second or that final dose, let's put it that way. But even in that case,
Starting point is 00:08:59 in abundance of caution and very close confinement with others that are not vaccinated or that you're not residing with and so on. They're recommending that people wear masks too, because even the best vaccine is 95%, which is amazing. Anything above 50% is pretty fantastic. And 100% for serious, but it doesn't preclude getting some sort of moderate or low-grade illness because 95% means 5% or more are still vulnerable, just depending on the luck, the dosing, and so on that we've talked about over the last podcast episodes. Switching gears over here, the LPRC team working on an overall at-a-glance calendar of events. We've determined, I mentioned before, that there are really 86 touch points for LPRC members throughout the 12 months of a year, which is pretty exciting. We've got seven working groups, which means 10 touch points with each of
Starting point is 00:10:01 the working groups throughout the year. So LPRC members get their team, get a team member, one or more into each of the working groups so that they can work with their counterparts, work with solution partners, engineers, and scientists throughout the year on supply chain protection, retail fraud prevention, violent crime prevention, shoplifting and other theft prevention through the product protection working group. We've got an organized retail crime group with top investigators in there working together with law enforcement, the supply chain protection working group, the data analytics working group, and the innovation working group, all meeting 10 times throughout the year, 70 touch points there. A minimum of 10 LPRC webinars, which we've done
Starting point is 00:10:46 for years now, roughly one a month for at least 10 months, even though this year with the LPRC innovates AI solver, artificial intelligence solve, you'll see additional probably around six webinar events as well. But regardless with 10, there's another 10. And then we've got six LPRC events, right? So we've got Kickoff, Ignite, and then we have our Product Protection Summit. We've got a Supply Chain Protection Summit, Violent Crime Summit, and then, of course, LPRC Impact. So these 86 touch points will be an at-a-glance calendar for everybody. We've been working away too on meeting on using FusionNet and behind the scenes with Cobwebs, Cognite, other Intel supporters regarding the Chauvin trial in Minneapolis. Tom may or may not
Starting point is 00:11:41 touch on that a little bit depending on his timing. But we're paying very, very close attention, obviously, with the active shooter, active assailant, mass assailant event in the King Soopers in Boulder, hopefully looks like an aborted one that took place in a public supermarket in Atlanta. And then some other mass shootings that have occurred. Mark in Atlanta, and then some other mass shootings that have occurred. A very nice tight look, if you will, where we're conferring with all kinds of experts and in fact, conducting a couple of surveys right now with the retailers around this. But we're looking at some of the points, you know, we look at crime scripting, but, you know, what are some background issues that might set somebody off, or what are
Starting point is 00:12:27 some of the personal mental and cognitive characteristics, their behaviors, and so on, that might indicate or signal to others that there's a concern. But we're looking at what might activate that, something, a response that an individual might have and where they might go to carry out that. That's their response. So, you know, there are a range of triggers, there are a range of responses. Somebody might take their own life or they might just seek counseling. They might just get over it. There are a whole horizon or they might take action to harm others, like in the case of an active assailant. So we're looking at what kind of leakage, what kind of signaling could go on in social media,
Starting point is 00:13:10 in physical appearance, hygiene, workplace activities, behavior, productivity, interpersonal relations. Do we see what signals might be meaningful to know and understand? On the other side, so that's the before bang. We're also looking at bang or just right before bang. What guardianship signals might prevent somebody from actually launching a harmful act like being an active killer? So what guardianship levels, if there's nothing there, if there's some kind of technology, again, sort of the see, get, fear, or respond. We're looking at if it's a human intervention, a law enforcement officer, a security officer, or something like that, authoritarian figure, if they're armed or
Starting point is 00:13:58 not, what they're using. The issue is that in any given event, it just seems to be unknown and even unknowable if one thing or a combination of things would stop somebody not from being triggered from actually launching or initiating an attack. And so we have, we're trying to find if there's any evidence that it has or find out if we can find evidence that it might, we do have evidence that it does not always, or we don't know when that might be, but we know in the terrorist shooting in Orlando, the Pulse nightclub shooting, we know in the Parkland school shooting, we know in many, many other shootings we've looked at, the active or mass assailant events where there were uniform armed police officers that were there. They were known to be there by the assailant. They were either ignored or they
Starting point is 00:14:54 were bypassed or they even were initially attacked. And so there's evidence that even the most heavily armed situation may not preclude that. The same thing on some of these military post-active killer events and so on like Fort Hood. So stay tuned. But whenever, again, we've talked about this, when you're a victim of a crime, when we're a victim of a crime, our people, our places, we're on the defense. And there are generally no good options. There are certainly no great ones. It's just a matter of which option or options might help in this case.
Starting point is 00:15:30 And again, we're seeing people that are a month out from two vaccines, that are double masks, that are keeping distance, and they get the COVID-19 disease. We know that people that have never smoked can get lung cancer. So there's a lot of mystery in life. And as scientists, we are working together with you all trying to make sense of the world. But so stay tuned, more and more research to come. So let me do this. Let me go over with no further ado to Tony D'Onofrio. Tony, if you can enlighten us, what's going on around the world? What can we look forward to? How can we get involved? Thank you very much, Reid, and great update. And just
Starting point is 00:16:10 to mention, this week, we're also going to make some progress on LPRC Europe. More work is being done in terms of follow-up. The retailers in Europe will receive some of the follow-up material, including a survey to move the next steps and looking forward to getting the US teams all engaged more with the Europeans team in terms of this expansion. But let me switch to some good data that's coming out from multiple sources. I'll start with some good news from the Consumer Confidence Index as it was published in ChainStorage. The conference board consumer index in March rose to its highest reading in over a year after a modest increase in February. The index now stands at 109.7 from 90.4 in February. The percentage of consumers claiming business conditions are good increased from 16% to 18%, while the proportion claiming business conditions are bad fell from
Starting point is 00:17:11 39% to 30%. The percentage of consumers expecting business condition will improve over the next six months rose from 30% to 40%, and the percentage of expecting business conditions to worsen declined from 17% to 11%. So in general, we are feeling very optimistic as consumers that things are going to get much better as the year progresses. So that's good news. On a lighter note, because I do like to bring some lighter good news to this podcast, I do like to bring some lighter good news to this podcast. This week we saw from the World Happiness Organization the top 10 countries that are the happiest in the world. And this year was an unusual survey based on COVID.
Starting point is 00:17:55 But the top 10 countries that are happiest in the world in 2021 are Finland, Iceland, Denmark, Switzerland, Netherlands, Sweden, Germany, Norway, New Zealand, and Austria. So Scandinavian is all over the top 10, which is interesting, and that continues to be the case. So they must be doing something right. The UK ranked 17th and USA ranked 19th. As one would expect with lockdowns and physical distancing, the pandemic did have a significant impact on workforce well-being. Falling unemployed during the pandemic is associated with a 12% drop in life satisfaction. The report also points out towards a hybrid future of work that strikes a balance between office life and working from home to maintain connections while ensuring
Starting point is 00:18:51 flexibility for workers, both of which turn out to be key drivers for workplace well-being. So things are changing in terms of how we work impacted by the pandemic but there are certainly some lessons we can learn from the rest of the world and finally i'm going to end one of my favorite annual reports that comes out every year from ris news where they analyze what's happening with retail technology inside stores they've been doing this for a while. This is their 31st annual retail technology study, which this year they titled Building the Future-Proof Retail Enterprise. When the retailers that were polled were asked to describe the current state of retail, the words that they used the most are changing, transforming, influx, and unpredictable. The top five challenges
Starting point is 00:19:48 for the next three years that retailers are seeing are application integration, retiring legacy systems, change management, Amazon, Walmart, and Alibaba, and consolidating channel silos. The top five technology-driven strategies for the next 18 months are expanding unified commerce initiatives or omni-channel initiatives, improving network and IT system security, advancing analytics and capabilities, developing personalized marketing capabilities, and advancing mobile commerce for consumers. Retailers report that 31.6% of overall sales now come from digital channels compared to 23% last year.
Starting point is 00:20:38 This massive jump is expected to continue but not at the same pace. And it basically says that retailers are going to continue to invest and improve digital experience, which I believe is critical in terms of the future of retail. digital focus areas for the next two years are customer relationship management and personalization, email, mobile, text marketing messages to consumers, product and catalog management, product recommendations, and distributed content management, and a repository for that information. The good news for this audience is the store is still going to be at the epicenter of retail going forward, so store remain critical. The top three investments going into stores today are mobile devices for associates and managers, in-store pickup, and return of web goods, and real-time moderating and KPI. The top three in-store investments in the next 12 months are clienteling and guided selling, location-based sensing for
Starting point is 00:21:55 marketing and communication, and shopper tracking capability. Curbside pickup is getting a lot of attention in the store level. 33% have it today. 27% are currently implementing it. And 10% will implement it in the next two years. And finally, on the data front from this report, lots of focus is going into store analytics with the top five focus areas in analytics being multi-channel customer behavioral segmentation, campaign analysis and forecasting, inventory optimization, which I think is the most critical, multi-channel frequent shopper and loyalty shopping, and market basket analysis. It's a favorite report. In fact, I'll use it as one of my base for one of my next blogs. But let me summarize this week in terms of the key lessons learned from all this.
Starting point is 00:22:50 The good news is that increased consumer confidence is another indicator that retail is coming back strong. Lots of lessons that can be learned from those happy countries as we emerge into the new normal. Technology is leading retail back and retailers are intensifying focus on understanding the needs of the green shopper. For this audience especially, it's important that they not forget the red shopper because all these new technologies
Starting point is 00:23:17 will open new opportunities for shrink and tap and other challenges in retail. And to all that, I would encourage everyone to engage with LPRC to continuously improve the processes for both the green and the red shopper. And with that, I'm going to turn it over to Tom. Well, thank you, Tony. Thank you, Reed. And Tony, you set the stage perfectly for me. And what we're going to talk about is risk, right?
Starting point is 00:23:45 We always talk about it. And I think I want to really highlight today that while a lot of the things that I speak about on the podcast inherently feel like cybersecurity, they're increasing the threat landscape significantly within the four walls of retail and also beyond the unified. Increase the digital protection risk includes some of the traditional physical security methods. It isn't your grandmother's cybersecurity anymore. This is a completely different landscape. And as we digitize and as we continue to use data to make decisions, both within asset protection and out, the threat landscape increases dramatically.
Starting point is 00:24:36 So a lot more to come. And that leads me to kind of a couple of key stories around risk. And I'll start with the ones that are more cybersecurity related, but there was a Microsoft Exchange server vulnerability that was discovered a few weeks back, and it's highly recommended to patch. Basically, what it allows is it allows malicious code to be executed through a vulnerability. And to date, it feels like, based on the numbers, that there is a very small percentage of U.S.-based Microsoft Exchange servers still vulnerable. A lot of folks are not using our traditional Exchange server and are using cloud-based. But if you are using a Microsoft Exchange server, you want to make sure that you have it patched and updated. There's actually numbers that were available last week. While this is relatively insignificant in the scheme of things, there was about reminding,
Starting point is 00:25:46 this affects all of us from big business to small to just end users and consumers of when that update becomes available for your phone, for your computer, the importance of really going ahead and updating as soon as possible. The easiest threat vector for attackers to attack is known vulnerabilities. They can do it by them. They can set up scripting and really do it on its own. It doesn't require
Starting point is 00:26:12 a ton of sophistication, and they're just basically looking for that open window or open door. So the importance of patching, I can't stress enough. And that leads me to my next conversation about there was an iOS update. So if you're an iPhone user, there was a critical security vulnerability that was announced. The update was released last week. If you don't have automatic updates on your phone, you want to go ahead and you want to update that. I know for some folks it's challenging and could create challenges if you use side loaded apps. so apps that are outside of the App Store. I know for some organizations, they have a different process. But this, again, is a known vulnerability. So right now, there are people attacking that vulnerability. And basically, they're opportunistic
Starting point is 00:26:59 in some senses. But it leads me to just continuously remind folks that do the update. I know that sometimes it can be cumbersome and a challenge, but it definitely is something you want to do. Currently in the cybersecurity world, there are really two main ways that bad actors get into systems. One is through a phishing campaign, whether that phishing leads to malware or a ransomware. As we all know, phishing is those emails or those attempts that you get to replicate what looks to be legitimate and getting someone to actually take a human action and click on a link, enter credentials. That's one of the biggest ways. And really the second biggest way is through unpatched vulnerabilities. So while neither one of these are slam dunk simple things to do, the patching is something that doesn't require a lot of interaction. So I think it's very,
Starting point is 00:27:56 very important to talk through that. We continue to see kind of global nation state attacks. I think we talked about it last week, so I'm not going to go into it in too much depth because there's not a lot of information. Interestingly enough, which is a very odd occurrence, there was a fairly well-known European or thought to be European hacking group where one of the folks went out and did an interview. It was a several-hour interview, actually, and really highlighted some of the things that we talk about on the LPRC podcast. And the LPRC highlighted the fact that these groups are sharing information constantly, doing research. And there were three kind of things that I took away from this very long interview that were really interesting. One is the amount of research that these groups are doing and what the name of the group is Revel,
Starting point is 00:28:52 what they were doing is they were actually spending time looking at cyber and security insurance companies' websites to see who their customers were and targeting them because they thought in a ransomware environment that they would get larger payouts. And they claim that they actually tested this theory and for bigger companies that have cyber insurance, that they get paid quicker and more payouts. So they were doing the research and actually, you know, kind of taking a really, I don't want to say scientific, but is a scientific, but going through and really a methodical approach more of, we're going to research these companies and spend a lot of time trying to identify targets where we'll get paid. The other thing that was said, the second thing that was said that was really interesting is that certain governments, they were not going to attack because of, and he didn't say this outright,
Starting point is 00:29:47 but you can kind of read between the lines, but they knew that the action would be significant. So kind of along the lines of, yeah, the U.S. might arrest you and send you to jail, but they got to find us and they got to come overseas and we're in a non-extraordinary country. But yeah, we're not going to hack Russia because they're going to kill our family type of thing. And that's literally what they said. So taking the, the kind of the approach of the see it, get it feared as what I thought about is they understand the risk of attacking certain people or certain countries. So they're very focused on places where there's less breaks. And then the last thing, which kind of leads back to the LPRC thing is, um, there, you know, the, the open exchange of information. So, um, you know, one of the comments made was that we don't, they don't
Starting point is 00:30:31 intermingle with other groups in the sense of sharing information, um, that you would think that would work against them, but they do often share information on countermeasures that government officials use. And one of the things that came up was, you know, the FBI seizing sites and arrests that are made from the FBI. And, you know, they were talking about how to avoid arrests and what to do if you're raided. So very, very interesting interview. And really, I say, we say this all the time, it kind of reminded me of the LPRC offender interviews but more importantly it just you know reinforces the fact that you know talking about things is so important and sharing information and then lastly I'll leave this again a lot of cybersecurity stuff today and
Starting point is 00:31:19 I have two more topics one is we talked about the Verdaka breach, which was the camera breach that did affect some retailers and affected over 150 companies. There was an arrest made. The arrest was a seizure made. This person has not been extradited to the U.S. yet. But one of the actors in the Verdaka breach, they were pretty vocal about it. They went to Twitter. They went out to the dark web, they talked about it. So the US attorney has filed several many in the group, the name of the group is called the Aristocats. It's a hacking group that is unnecessarily organized group as much as a group of individuals throughout the globe that are hackers. But they are organized in the methodology that they communicate and they have some group meetings. methodology that they communicate and they have some group meetings. This arrest just kind of shows the fact that when these breaches happen, that the U.S. government takes them very seriously
Starting point is 00:32:30 and goes after it. And then I'll end up kind of with the Chavez trial in Minneapolis and what we're hearing. There is a tremendous amount of media attention, which in some cases, based on what I'm seeing in some of the groups, is fueling kind of potential civil disruption. What I would say is in the Minnesota markets that I'm watching, there is a lot of conversation about protests, but based on what I'm reading and seeing, certainly the organizers are talking about non-violence and signage and really being respectful to it. So I think a lot of that, and this is definitely my opinion has to do with the media attention. Um, cause most of the media attention is, uh, in, in reflection of thing, you know,
Starting point is 00:33:21 um, the chief of police saying what, what occurred shouldn't have occurred. People talking about that, you know, that most of the testimony that the, the, that the media is leaking is, you know, not inciting folks more showing that people are compassionate and running through. There was a very interesting post just yesterday related to, again, if there was not strong action taken on the other officers, that there would be a significant disruption throughout the U.S. I think that the thing about that post that was interesting is it had a lot of folks on it. It was a Telegram post, but it really was just people, what I would say, venting on Telegram. They weren't really talking about organizing. They were talking about the action that would occur if something didn't
Starting point is 00:34:13 occur. So we'll continue to look at that. We'll continue to watch that through the FusionNet, as well as some of the unfortunate mass shooting and active shooters. Actually, I spoke to, you know, one of my law enforcement sources last week around mass shootings. And he's, you know, you know, he basically talked about the media attention and some of the things that were occurring and what law enforcement was seeing. And to Reed's point earlier, what his comment was, is that, you know, the counter, in the Capitol with the ramming of two Capitol Police officers. So we talked a little bit about that as well. So stay tuned for more, and we'll continue to keep bringing things to you. Over to you, Reed. All right. Thanks so much, Tom. Thank you, Tony. So that's it from the team here. And we wish everybody a safe, active, productive week ahead. And please let us know your questions, comments, and becoming a member of the LPRC research and results community. So signing off from Gainesville, this is Reed Hayes. Thank you. Thanks for listening to the Crime Science Podcast presented by the Loss Prevention Research Council and sponsored by Bosch Security.
Starting point is 00:35:58 If you enjoyed today's episode, you can find more crime science episodes and valuable information at lpresearch.org. but you can find more crime science episodes and valuable information at lpresearch.org. The content provided in the Crime Science Podcast is for informational purposes only and is not a substitute for legal, financial, or other advice. Views expressed by guests of the Crime Science Podcast are those of the authors and do not reflect the opinions or positions of the Loss Prevention Research Council.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.