Thanks to well-thought-out disaster recovery plans, including redundant data storage and mirrored sites, banks that had foreign exchange and trade finance operations in the World Trade Center suffered almost no loss of data or interruptions in service.
At Bank of America, which had IT and treasury services units in the Twin Towers, work was transferred to another facility within minutes. "From a systems perspective, we had little impact," said spokeswoman Eloise Hale.
However, the heavy damage inflicted on the telecommunications infrastructure of lower Manhattan disrupted trading activity. One of those affected was Bank of New York, which had to suspend government bond trading for a few days (see story, page 10). "While our systems were operating, we were not communicating with clients or their connectivity was down and they weren't communicating with us," said Robert Grieves, senior vice president of corporate communications. Bank of New York also experienced interruptions to its ATMs.
The geographic concentration of the financial services industry and its dependence on telecommunications and other infrastructure are not limited to large banks. Those banks below $35 billion in assets, which depend on outside service providers like Alltel, Metavante, Bisys and Fiserv, will also need to reassess their backup and recovery plans. "You can't say if you're a banker in Des Moines they won't target me," said Jim Eckenrode, head of consumer banking research at TowerGroup. "They may not target you, but there might be something that could affect you."
Nor can banks afford to let down their guard against cyberterrorism. Just after the attacks, the FBI issued a warning about a potential denial-of-service threat emanating from "vigilante" hackers targeting organizations perceived to be associated with the terrorists. The FBI said that a group of hackers called the Dispatchers claimed to have over 1,000 machines under their control.
"The denial of service concept applied on a large scale to the banking infrastructure could be devastating," said Dain Gary, chief security officer of Red Siren Technologies, a Pittsburgh-based cybersecurity firm.
Although larger banks have honed their systems security in preparation for Y2K and Gramm-Leach-Bliley, smaller ones are still vulnerable to attack, said Gary. "Smaller banks are at higher risk because they don't appreciate that you can't install off-the-shelf hardware and software and expect it to be secure."