Essential Eight ML1 Uplift for Adelaide SMBs: Get to a Defensible Ransomware Baseline Before You Need One
Your office manager calls on a Monday morning to say none of the files on the shared drive will open, and there is a text document on every desktop demanding payment in cryptocurrency. Your bookkeeper cannot invoice. Your operations lead cannot access the job schedule. Somewhere in the next 48 hours you will be deciding whether to pay, whether to call your insurer, and whether what the attacker took qualifies as an eligible data breach under the OAIC’s Notifiable Data Breaches scheme. Essential Eight ML1 Uplift from Cyber by Exegesis is the engagement designed to put an Adelaide SMB on a defensible baseline before that Monday morning arrives.
The problem
Ransomware is the most damaging single cyber loss category Australian SMBs face, and the ACSC’s response has been clear and specific: the Essential Eight Maturity Model. ML1 is the entry-level target — the baseline the ACSC expects of any organisation seriously trying to defend itself against opportunistic attackers, which is the threat profile most ransomware operators fit.
Most Adelaide SMBs we speak to are not at ML1. They have some controls — antivirus, a backup somewhere, multi-factor authentication on email — but no documented baseline across all eight mitigation strategies (application control, patch applications, configure Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication, regular backups). Without that baseline, two things go wrong: the controls have gaps the owner cannot see, and after an incident there is no evidence pack to show an insurer, the OAIC, or a customer that reasonable steps were taken.
ML1 is not a high bar. It is the bar. Most SMBs simply have never been walked through it.
What Essential Eight ML1 Uplift does
Cyber by Exegesis runs a fixed-scope engagement to take an Adelaide SMB from no defined baseline to ACSC Essential Eight Maturity Level 1 across all eight mitigation strategies:
- A gap assessment against each of the eight strategies at ML1 — what is in place, what is partial, what is missing — documented against the ACSC’s published maturity model.
- A prioritised implementation plan sequenced by ransomware risk reduction: MFA, backups, patching, and admin privilege restriction first; macro settings and application hardening next; application control last (because it is the most operationally sensitive).
- Hands-on configuration changes in your Microsoft 365 or Google Workspace tenant and on your endpoint fleet, working with your IT provider or directly with your devices.
- A tested backup configuration — including a restore drill — because an untested backup is not a backup.
- An evidence pack: a written report mapping each ML1 requirement to the control as implemented, with screenshots and configuration exports, suitable for an insurer, a customer security questionnaire, or an OAIC enquiry.
Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. This engagement targets ML1 specifically. It does not claim ML2 or ML3 coverage; those are separate engagements with materially more scope.
How it works
- We confirm scope on a short call, identify the systems in scope (endpoints, identity provider, file storage, line-of-business applications), and request read-only access to your Microsoft 365 or Google Workspace tenant.
- We run the gap assessment against each of the eight strategies at ML1 and produce the baseline report.
- We agree the implementation sequence with you, taking into account operational sensitivity, and apply changes across a two-to-four-week window.
- We run the backup restore drill end-to-end and document the result.
- We deliver the evidence pack and a 90-day review window — ML1 is a baseline, not a finish line, and drift starts immediately.
Why this matters in Adelaide
Adelaide’s SMB base is concentrated in defence supply chain, advanced manufacturing, health, and professional services — sectors where ransomware operators specifically target smaller suppliers as a path to larger customers. An Adelaide SMB feeding into a defence prime or a health network increasingly has Essential Eight expectations flowing down from the customer, not just the ACSC. ML1 is the level at which an SMB can credibly answer the question on the customer security questionnaire and the question from the OAIC after an incident. Getting there before either of those conversations happens is the whole point of this engagement.
Sources
- ACSC Essential Eight Maturity Model: https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model
- ACSC Small Business Cyber Security Guide: https://www.cyber.gov.au/protect-yourself/resources-protect-yourself/personal-cyber-security-guides
- OAIC Notifiable Data Breaches scheme (in the event a ransomware incident results in an eligible data breach): https://www.oaic.gov.au/privacy/notifiable-data-breaches
Join the waitlist
We are sequencing engagements by sector and by tenant type (Microsoft 365 first, Google Workspace second). Join the waitlist with your sector, headcount, and current email tenant — we will tell you when we are ready to take a brief from your business.