Backup and Ransomware Preparedness for Adelaide SMBs: Find Out Your Restore Doesn’t Work Before the Attacker Does

Your office manager calls on a Monday morning saying the file server is showing a ransom note and nothing opens. You ring your IT provider, who tells you the backups are running — they have been running every night for years. Then they try a restore. The most recent clean backup is from six weeks ago, the immutable copy was never actually configured, and the test-restore that was supposed to happen quarterly has not happened since the last staff change. Backup and Ransomware Preparedness from Cyber by Exegesis is the engagement designed to surface those failures before the ransom note arrives.

The problem

Ransomware is the highest-impact cyber loss category for Australian SMBs, and the reason it keeps causing six- and seven-figure outages is rarely that the attacker was sophisticated. It is that the victim’s backup chain was untested. The ACSC Small Business Cyber Security Guide is direct about this: backups must be regular, kept separate from your main network, and — critically — restored on a schedule, because a backup you have not restored from is a hope, not a control.

The other half of the problem is the response itself. When the encryption hits, the business has minutes to make decisions that should have been pre-decided: who pulls network cables, who calls the insurer, who calls the IT provider, who tells staff to stop working, and — if customer PII is involved — who starts the clock on the OAIC Notifiable Data Breaches assessment under Part IIIC of the Privacy Act 1988. Most Adelaide SMBs have none of this written down.

What Backup and Ransomware Preparedness does

Cyber by Exegesis runs a fixed-scope engagement focused on the two things that determine whether a ransomware incident is a bad week or an extinction event — your backups and your response plan:

• A review of your backup chain: frequency, retention, immutability (or the lack of it), off-site or off-tenant separation, and whether the credentials used to manage backups are reachable from the same domain the attacker would compromise.
• A live restore test of a representative dataset — not a “backup job completed” green tick, an actual file-level and system-level restore with a stopwatch on it.
• A written ransomware response plan tailored to your business: isolation steps, call tree, insurer and IT-provider contacts, evidence-preservation notes, and the OAIC NDB assessment trigger.
• A 60-minute tabletop exercise walking your owner, office manager, and IT contact through a realistic Adelaide-SMB ransomware scenario, with decisions logged as we go.
• A short written report covering what works, what does not, and the remediation order.

Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. Our scope here is preparedness, not incident response. We set the controls and the plan, then step back.

How it works

1. We confirm scope on a short call, identify the systems and data that matter most to your operations, and request read-only visibility into your backup tooling and IT documentation.
2. We assess the backup chain against ACSC Small Business Cyber Security Guide expectations — frequency, separation, immutability, and restore-tested.
3. We run a live restore test on a representative dataset and time it, so you have a real Recovery Time Objective figure rather than a vendor brochure number.
4. We draft your ransomware response plan and walk it through a 60-minute tabletop exercise with the people who would actually be in the room on the day.
5. We deliver the written report with the remediation order and a 90-day review window to confirm the gaps have been closed.

Why this matters in Adelaide

Adelaide’s SMB base — manufacturing, defence-adjacent suppliers, professional services, healthcare practices — runs on small IT teams or single-provider managed services, and that is exactly the operating model ransomware crews target. An Adelaide SMB that has tested its restore, separated its backups, and walked its response plan through a tabletop is in a fundamentally different position on the morning the ransom note appears: the question becomes “how many hours” rather than “do we still have a business”. For SMBs holding customer PII and subject to the OAIC NDB scheme, the same preparation is what makes the 30-day assessment window feasible instead of frantic.

Sources

• ACSC Small Business Cyber Security Guide: https://www.cyber.gov.au/protect-yourself/resources-protect-yourself/personal-cyber-security-guides
• ACSC Essential Eight Maturity Model (regular backups is one of the eight mitigation strategies): https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model
• OAIC Notifiable Data Breaches scheme: https://www.oaic.gov.au/privacy/notifiable-data-breaches
• Cyber by Exegesis — Backup and Ransomware Preparedness (waitlist)

Join the waitlist

Join the waitlist — first access when Cyber by Exegesis opens Backup and Ransomware Preparedness for Adelaide SMBs

We are sequencing engagements by sector and by backup platform. Join the waitlist with your sector and current backup tooling — we will tell you when we are ready to take a brief from your business.