LPRC - CrimeScience – The Weekly Review – Episode 68 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio
Episode Date: July 30, 2021
Famous Hacking Group Goes Underground! LPRC Goes to a Kroger Summit! In this week’s episode, our co-hosts discuss these topics and more, including a study shows Cyber Security Vulnerabilities are known by most people but are still done anyways, US GDP is growing by over 6%, Sales are growing, and China Sales and GDP are growing as well. Listen in to stay updated on hot topics in the industry and more!
The post CrimeScience – The Weekly Review – Episode 68 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio appeared first on Loss Prevention Research Council.
Transcript
Hi, everyone, and welcome to Crime Science.
In this podcast, we explore the science of crime and the practical application of this
science for loss prevention and asset protection practitioners, as well as other professionals.
We would like to thank Bosch for making this episode possible.
Take advantage of the advanced video capabilities offered by Bosch to help reduce your shrink
risk.
Integrate video recordings with point-of-sale data for visual verification of transactions and exception reporting. Use video analytics for immediate notification of important
AP related events and leverage analytics metadata for fast forensic searches for evidence and to
improve merchandising and operations. Learn more about extending your video system beyond simple
surveillance in zones one through four of LPRC's zones of influence by visiting Bosch
online at boschsecurity.com. Hello, everybody. Welcome to another episode of the Crime Science
Weekly. I'm joined by my co-host, Tony, and Read's out traveling. I think we're all traveling now.
Now we're back in the swing of things to a certain degree. So today I'm going to be brief and talk
about a couple topics, one that we always talk about, which I think is ransomware. And this is something that I'm
pretty proud of, as Tony, myself, and Read talk a lot about trying to stay ahead of
some of the larger news media organizations. But when we talked about some of these ransomware
attacks that occurred over the 4th of July weekend, I made some bold statements about
the U.S. government getting involved in what would occur. And the group REvil mysteriously vanished.
And what has occurred, and this has been pretty public, half of this has been pretty public
at this point, is the U.S. government got with the Russian government and basically through back channels said, you need to stop these guys. They're causing major issues. And this group has
vanished. And through the help of two governments working together, we're not quite sure what that
means, if they're going to turn up somewhere or they're gone. But what all of the intelligence
analysts are pointing to is that the Russian
government basically said, hey, cut it out. You've drawn the attention of the United States
government, and they're now angry, and they're coming after you. And this is creating diplomatic
issues. So the power of the US government and the power of any of the nation states,
when it's not a nation state sponsored attack, really does kind of play a significant role.
And Russia is a little different than China.
And this is all based on intelligence communication, where if you're in Russia and you don't do
anything nefarious towards the Russian government or anybody that they're directly allied with,
it actually, there is no impact, although they're not generally nation state attacks
where the government is actively involved.
So this is a good example of where the government basically said, hey, do it.
We don't have a problem if you do it, as long as you don't do it to any Russian entities. And this
is a very general statement and kind of semantics at the same time. But now that it created issues
for them, they went in and said, hey, knock it off. So while this is a great story, the bad side
of this is REvil has vanished. So you have several thousand people who are left with the challenge of their files encrypted, and they've either made a ransom payment and not gotten a decryption key, or they can't get in touch with anybody. Yes, it does really sincerely look like this group is vanished, much like the last time this happened.
The rebel group, the dark trace group, also stopped operating, shut, closed up shop, if you will.
And actually, my hypothesis here is that you'll eventually see some of these people being caught, whether they're caught while they're on vacation or handed over, I believe that will
happen. The challenge comes into play today is, yeah, the group has stopped and that's fantastic
news for everybody that has a challenge with ransomware. The issue is that now some people
are not able to decrypt their computers, which is obviously a major concern if you were trying to work with that person.
Although I don't necessarily recommend making payments, I also say that it is a business
decision that only you and your business can make based on where you're at.
So I think we'll continue to hear more about this, the ransomware, but I do think that
as we spoke about it even a month ago,
when you have the highest level of the federal government attacking the folks that are doing
this, both financially, politically, and actually going physically after folks, you see the tide
changing because of the fact that the risk doesn't outweigh the reward when the U.S. government
is coming after you.
So I still believe it's the biggest threat that's out there for both businesses and
individuals.
But I do also believe that the government is taking a much greater approach, which in
turn will, in fact, stop some of this from reoccurring.
So we'll keep tuned to that. And then I'll just
close out with, there was a study done around, excuse me, cybersecurity and really heavily
focused on remote work by ThycoticCentrify, which is a cloud provider. And it was a pretty alarming study. Although
they don't give specifics of who they would reach out to, where it's really concerning is that 79%
of the people that were involved engage in known risky behavior when using remote work computers.
More than a third of them, you know, save their passwords
and their browsers and use similar passwords in other accounts. And then when you go further,
98% of the people in the survey answered an understanding that, you know, clicking at emails
of unknown sources and sharing credentials with colleagues was extremely risky.
So why this survey is so daunting is the simple fact is people are acknowledging we know this behavior is extremely risky,
but we're doing it anyway. And we're doing it anyway in a large proportion.
When you think about almost eight out of 10 people that responded are saying, yeah, we do this and we're doing it.
And then when you go even further into the survey and you have a great understanding that these folks that are taking the surveys have a clear understanding of what is occurring.
This isn't a case where they're not sure the behavior is risky.
They're actually doing it with full know-how that there is a risky behavior. So this is
very alarming. What it really states when you think about remote work is that there's a need
for continuous education awareness. Why we're doing this podcast today to talk about the
importance of not reusing passwords, to talk about the importance of updating and patching,
to talk about the importance of making sure that you don't click on links and download files that
you don't know what it is. One of the things that really, really stood out for me is that the very
specific risky behavior that people said, yeah, we do it. And while it's
a survey, so you can't really talk to them to know what they were thinking. The other one thing
that was glaring for me for remote work is a relatively low percentage of people, 26%
associated a risk with allowing their family members to use company
devices. And we talk about this all the time. You know, kids, and I have young kids, but regardless
of how old your children are, using your computers to play video games, to do things, to download
things, that there's a risk associated with it. Most companies, and this is a broader general statement,
put a lot of role-based access controls to try to limit that. But there is that swing of pendulum of,
I want to make sure that my associates can use their computers for what they need, get their
work done while still keeping safe. So even in a zero trust environment, there is a reality of we want
people to be able to work. We want people to be able to continue to use their equipment and not
lock it down to the point of no return, if you will, where you really can't do anything. So
I think we'll continue to see this trend. I do believe that the remote work is turning more into
a hybrid work and we'll see people
in both situations. But I also would say outright that we'll continue to see threat vectors that
occur because of what we're seeing with remote work. I do also say that although, and I want to
make sure that I say this, although I think there's some great progress with the U.S. government taking the approach of, you know, we're going to try to limit, if you will, some of these bad actors from doing the things that they're doing.
There still really is a potential for ransomware.
It's still going to be one of the greatest pieces of attack.
And then lastly, and we talked a little bit about it, is there hasn't been much more chatter on the China being involved in the Microsoft Exchange attack.
We'll continue to monitor that.
The US government has taken a stance.
China has denied it, and it's somewhat fizzled out.
So I think we'll continue to see more with that on that front, and we'll continue to
keep you up to speed.
And with that, I'll turn it over to Tony. Thank you very much, uh, Tom. So Read is actually today at a
kroger company integrated solution summit so he's actually not recording today we're doing this
podcast because there's so much great information available out there that we want to make sure you
don't miss every week in terms of what is going on. Read will be back with us next week. And actually,
I'm in the middle of researching right now what's going to happen, the balance of this year,
both in the global economies in retail and what are some of the key trends that are sticking
for the rest of this year that will impact the holidays. And this is for one
of my next articles that I'm working on. So today, this audience gets an advanced preview of some of
that research. So let me start with first, what's the global economic outlook going to look like?
This is the latest forecast for the quarter three 2021 from Euromonitor.
And what they're projecting is that the global economy is now expanding fast,
with recovery continue to be aggressive at 6% in 2021. And it will continue to grow very nicely next year in 2022 at 4.6%. The global real GDP growth has remained unchanged since the last
forecast in Q2. But what the forecast did change is that the developed economies are doing better
and the developing, so emerging economies are doing worse coming out of this pandemic and the new forecast.
They actually revised the forecast down for developing economy.
Global output is estimated to have returned to pre-pandemic mid-year of this year, but it's actually 2% below the pre-pandemic forecast levels, even when you get to 2023. So we're not as robust as we would have been
had there been no pandemic, but we are coming back extremely strong. For the U.S., and this
number surprised me, Euromonitor is projecting GDP growth to 6.7% this year, and that's actually
getting close to what China is seeing this year. China is projected to grow this year 8.6%.
Europe or the Eurozone remains the slowest part of the world that is growing. So their
global domestic product is only going to grow this year 4.3%. For next year, 2022,
globally, again, GDP is expected to be up 4.6%. The US is expected to be up 4.3%.
China, 5.5%. And the Eurozone, 4.3%. So good two years of growth projected by Euromonitor and the overall economies. Shifting gears to retail sales and how are we doing globally retail sales and where we are expected to grow.
So starting again, reminding you what I said in a couple of podcasts ago, the U.S. had a solid June
with sales being up 0.8% and then being up 12.5% for the first six months of the year, up 16%.
So really robust, robust.
According to NRF revised forecast, retail sales for 2021,
retail sales are expected to grow anywhere from 10.5% to 13.5%.
So good year in the U.S. for retail sales this year.
Same thing in China.
China had a June sales increase of 12%,
which was slightly down than May's 12.4%.
And for the year, they're expected to grow an amazing 14.7%.
So nearly 15% retail sales.
And again, Europe is the laggard, the eurozone.
The 19 countries that share the euros, for May, their retail sales were up 4.6%, which was 9% higher than the year earlier.
The month before, in April, they fell 3.9%, although that was much higher than the really pandemic-induced year,
which was up 23% on the year earlier in 2019.
So Europe is a laggard in terms of retail.
U.S. and China lead the world in terms of the aggressive growth
that is taking place.
Some hints from Salesforce on a new survey
of what the retailers are going
to be up against as the holidays come up here in the U.S. Salesforce is predicting that U.S.
retailers will experience a labor shortage of about 350,000 workers in the November and during
the holiday period. They're also going to spend a lot more for goods,
and that number is $223 billion in the second half of 2021.
Then in the same period last year, so costs are going up.
The amount represents a 62% on last year's compromise.
It's comprised of an additional 12 billion spent with suppliers, 48 billion on
wage expenses, and 163 billion on logistics costs. So costs are going up this holiday season, so
the inflation headwinds potentially will impact some of the shopping. And finally, really my
favorite and one of the things that I saw this
week that was interesting to me was from McKinsey that looked at six months into 2021. They had
predicted at the beginning of the year some things would happen this year. How are we actually doing?
So from McKinsey, which trends are sticking six months into 2021. They see two consumer trends that are sticking.
One is home nesting.
The nationwide do-it-yourself and clean-up binge.
Almost three in 10 U.S. households renovated their homes
or added finance to equipment during the pandemic.
The same percentage should treat themselves to more home improvements.
The other is the disruption in consumer loyalty. About three quarters of Americans changed their
shopping habits in 2020, and 40% of these changed brands, twice the rate of 2019.
Younger people were more likely than older ones to switch, And the implication, as McKinsey said, which I think is
important, loyalty must be earned again and again, especially during the pandemic, because consumers
easily switch. On travel, we are getting back on planes. As Tom said at the beginning of this,
America is not moving again to see friends and family. In 2020, spending
on travel for more than 40 percent and on business travel more than 70 percent. Now more than 60
percent of Americans feel comfortable taking a vacation. Many are already doing so. Traveling
around the July 4th was at record highs, with the second half of June almost two million people
traveling through U.S. airports. So the domestic travel, especially for vacation, is back.
Business travel is starting, but it's not there yet. And innovation, we're spending a lot more
time during the pandemic coming up with new companies.
In January, McKinsey noted that new business applications in the third quarter of 2020 more than doubled from the same level in 2019.
That included a 50% inclusion application for high propensity business, which are more likely to have multiple workers.
The number of startups have actually been going up dramatically.
And what's encouraging is that growth continues to be strong.
Since the U.S. Census Bureau started keeping statistics on the subject in 2005,
no month recorded more than 340,000 new businesses until June 2020.
Since then, every single month has at least reached that level, which again, that's an
amazing number, 340,000 new business.
And the momentum is positive.
For the first five months of 2021, so an average of 472,000 new business applications a month, many more than in the
last five months of 2020, even as unemployment rates continue to fall.
So we continue to build businesses.
On digital transformation, we continue to accelerate that.
McKinsey, in their analysis, talked about that we're in the fourth industrial revolution.
There's a lot more now applications
of artificial intelligence, analytics, digitization,
and other technologies.
And that continues to accelerate.
The COVID pandemic sped up digitization
by three to seven years, which was considered best,
which back in the old days, that was considered best in class.
So we are, as I've been talking about on all these podcasts,
digital transformation has been dramatically accelerated by the pandemic.
And all the surveys from executives is that that trends will continue.
They are investing in terms of how they will digitally transform their companies
by adding more innovation and changing their business model.
And then on consumer behavior, the big change in consumer behavior
has been a shift to e-commerce and remote options.
In the United States, e-commerce grew more than three times as quickly
from 2019 to 2020 than the previous five years.
And some Americans started buying cars online without even actually checking the tires,
as we did in the old days.
Mass retailers' online sales rose 93% in 2020.
Apparel, fashion, luxury retailers' online penetration rose to 26% from 16%.
And those are mostly sticking, although we're starting to go back to store.
The challenge is that e-commerce is less profitable than in-store shopping.
So as McKinsey concluded, which I fully agree,
we need to move towards a much more integrated
omni-channel structure where consumers can shop anywhere.
And what was shocking to me is that one of their surveys found that two-thirds of retailers
don't consider omni-channel when they actually make decisions for stores. So there's a lot of still work to do to actually get to a unified channel
across both online and offline because that trend is sticking.
It's not going to go away.
The new services that came up during the pandemic, consumers like,
such as buy online, pick up in stores,
but they have to be optimized and be improved because they detract from margin.
So the future is bright. The economy is strong going into the second half of the year.
Retail sales also very strong going into the second half of the year.
Digitalization is sticking. And really what we talked about a lot on this podcast is figuring out how to optimize it for both the green and how to minimize it for
that red shopper is becoming much, much more important. So with that, we're going to close
this week and looking forward to our next podcast where we'll talk about more what's happening with
COVID around the world and the Loss Prevention Research Council.
Signing out from Gainesville, this is Tony and Tom.
Thanks for listening to the Crime Science Podcast, presented by the Loss Prevention
Research Council and sponsored by Bosch Security. If you enjoyed today's episode,
you can find more crime science episodes and valuable information at lpresearch.org.
The content provided in the Crime Science Podcast
is for informational purposes only
and is not a substitute for legal,
financial, or other advice.
Views expressed by guests of the Crime Science Podcast
are those of the authors
and do not reflect the opinions or positions
of the Loss Prevention Research Council.