this is why the banks are a perfect hacker target. they are full of arrogant, ignorant people whose main judgment on whether something is important or not, is what their buddies think. since their buddies are all bankers, they kind of have a myopic view of the world.
I assure you, the people who do IT here know exactly what they're doing. You're talking to one of them right now. Besides a corporate culture and management that supports and leverages their IT resources, the lawyers and reams of federal laws governing the business simply won't allow what you're proposing to happen here or at any other major financial institution in this country. Again, I cannot comment directly on specific business practices, nor can I act as a spokesperson for the business I work for, but as an IT professional, I would stake my reputation on the security here being sufficient to prevent the kind of damage discussed in the article. Is it perfect security? Of course not. It is sufficient security.
i used to work at a 'financial institution', and let me tell you, it's running everything from DOS to WinNT to WinXP ---- everyone brings their cellphones and USB sticks and plugs them into their computers to charge, everyone visits any website that pops into their mind without thinking about security. machines are running all kinds of versions of IE, sometimes back to 6.0, often unpatched.
You should call the government then and step forward to collect your million dollar whistleblower bonus then. Cell phones aren't connected to the network, and as to anything being plugged in via USB... I happen to know for a fact that any unrecognized devices that are connected to any workstation generate a security alert in realtime. The offender usually has a visit by security accompanied by his/her manager in a matter of minutes. And speaking as someone who works in software packaging and deployment, there is no "all kinds" of anything on the network. As soon as a new version is approved for use (the approval process is extensive, I admit), it is deployed to all workstations as quickly as labor resources can handle it. There is no "IE6" running anywhere in production here.
everyone visits any website that pops into their mind without thinking about security.
Which is why there are numerous proxies and realtime scanners. I'm sorry if you've been living under a rock these past eight years or so, but google "Intrusion Detection System" sometime. Internet access is something any office worker demands, and worker morale is very negatively affected if it's unavailable. This is a happy medium for most corporations. You're right that an airgapped network would be "more secure" but then so would unplugging the computer and locking it in the closet. I work with security reality, not the security fantasy you're laboring under.
nobody understands even the basic principles of computer security - and despite the banks' strong profits,
"Nobody" is standing right in front of you telling you that we not only understand them, we exceed them by leaps and bounds. And in a recent article, those "strong profits" only came about in the last few months. In Fantasy Security, a large business with over 130,000 workstations spread across over 5,000 retail locations can simply push a button and revamp their security because the money is now available, but in Realworld Security, the budget is approved in January, and the plans are made the year before. Everything we're doing now is based on last year's "profits". And by profits, I mean... in the red. Something about a subprime mortgage crisis we're just getting over, I suppose.
the bank branches are full of minimum wage employees who have something like 90% turnover for a year,
Dude, lay off the cheap $3 crack. It's 30%. Still high, but 10 seconds on google could have prevented making an ass of yourself.
the apps where you can deposit checks now on your phone have been sent out - again, little or no discussion of security issues.
There is simply not enough space in this already long rebuttal to address just how wrong you are, but those check-deposit apps are only validating information that's already sitting in a database somewhere. There's about a hundred checks and balances that go into validating that check and making the funds available in your account. You cannot simply write yourself a million dollar check and "scan it in".
you get more training working for a call center cube farm for $10/hour than you do when you work at a bank moving around millions of dollars of negotiable instruments.
Yes, because the systems are set up to have a staggering array of auditing, checking, and controls. There is very little training needed because most of it is automated. The drawers are counted down hourly or so, and everything is double-checked and accounted for several times a shift. It's been that way since, uhh, about the mid-80s. A teller trying to skim the till is about the stupidest thing you can do... there hasn't been a successful case of it happening for more than pocket change in many years.
the real thing going on here is that since the banks watched themselves all get bailed out in 2008
And now you've switched off the topic completely and are on to some kind of political rant, which I won't even dignify with a response. Please mods, frob that "overrated" option. It's irritatingly obtuse and I'll lose faith in humanity if you don't. Do it for the kittens.