March 24, 2021

Common Misconceptions of Business Recovery

At MOXFIVE, we are often engaged by clients to help manage the incident response efforts.  With the explosion in ransomware, our time is often spent focusing on and guiding the recovery efforts because this is typically the most critical workstream of the response efforts with the most attention from organization’s executive team.  To that end, much of our recovery efforts involve guiding our clients through the complexities of recovery efforts and helping them make the most informed business decisions possible. In those conversations, our goal is to dispel many common misconceptions that organizations have about the recovery process and guide them forward using the best practices we’ve learned over the years.  

Below is a quick look at some of the challenges we commonly see in managing recovery efforts followed by what we think helps combat those challenges to help recovery run more smoothly.  

What Makes Recovery Efforts Go Poorly?

Let’s be honest – there are many reasons that recovery efforts can go poorly. It’s a challenging process with many activities that all have a sense of urgency. We generally find that the following are the top trends that lead to recovery efforts going poorly:

  • Setting unrealistic expectations around recovery time, efforts, and projections or estimates which results in ineffective decision making and communication to external parties.
  • Having too many “cooks in the kitchen” results in lack of a clearly defined goal line, lack of organization, and competing or duplicative priorities.
  • Not leveraging or engaging with external IT support too late which can slow down recovery efforts.
  • Not engaging a Technical Advisor to guide the recovery efforts and avoiding common mistakes that can elongate the recovery efforts.
  • Making improvements to the environment throughout the recovery efforts which can elongate and add complexity to restoration of services.
  • Believing that the environment will be the exact same as it was before (hint: it won’t be).

What Makes Recovery Efforts Go Well?

Again, there are many factors that contribute to a smooth recovery process. Of these, clear communication and clearly defined roles are perhaps most critical. This is why all of our engagements are spearheaded by a Technical Advisor or leader who manages the recovery efforts, keeps communication consistent, and coordinates the many complicated workstreams. Below are the key elements we believe lead to a more successful recovery:

  • A defined disaster recovery plan with clear roles and responsibilities of team members.
  • Establishing defined workstreams and workstream owners.
  • Clear communication channels and escalation paths across all service providers assisting in the response process.
  • A single priority list of servers and applications (one source of truth) to recover and a defined recovery process to follow (see our previous blog for more details).
  • Trusting and following the recovery process.
  • Clear and defined metrics to track progress, identify bottlenecks, and guide business decisions.

As you read through those, I’m sure you’ll see a pattern emerging – the words clear and defined are used in all but one. We can’t stress it enough – communicating clearly and having defined roles and workstreams are absolutely critical to ensuring success both during and long after the recovery process.  

If you would like to learn more about our approach to business recovery or speak with one of our MOXFIVE Technical Advisors, send us a message at or through our website at to get in touch.  

Jeff Chan

Jeff is a technical cyber security leader that has helped build incident response teams and has led a large number of digital forensics and incident response investigations. As a technical advisor at MOXFIVE, Jeff has assisted clients in managing incidents and recovering their networks from cyber security attacks.

Experts predict there will be a ransomware
attack every 11
seconds in 2021.
from Cybercrime Magazine
Our mission is to minimize the business impact of cyber attacks. 


Incident Response

MOXFIVE provides the clarity and peace of mind needed for attack victims during the incident response process. Our platform approach enables victims of attacks to work with a Technical Advisor who provides the expertise and guidance needed in a time of crisis, and facilitates the delivery of all technical needs required, consistently and efficiently.

Learn More

Business Resilience

With experience on the front lines responding to incidents daily, MOXFIVE Technical Advisors have the unique ability to connect the dots between business, information technology, and security objectives to help you quickly identify the gaps and build a more resilient environment.

Learn More