Essential Eight ML1 Uplift for Australian SMBs: A Defensible Ransomware Baseline Across All Eight Mitigation Strategies

Your office manager calls on a Monday morning to say nothing will open. The file share is full of files with strange new extensions, the accounting database is locked, and there is a text file on every desktop demanding payment in cryptocurrency. Your IT person — internal or outsourced — starts the long conversation about backups, what was encrypted, and whether you have to tell anyone. Essential Eight ML1 Uplift from Cyber by Exegesis is the engagement designed to make sure that Monday morning does not happen, and that if it does, you recover from clean backups instead of negotiating with criminals.

The problem

Ransomware is the most damaging cyber loss category for SMBs in Australia. The mechanics are well understood: an attacker gets into one machine via a phishing email, a stale internet-facing service, or a reused password, escalates privilege, disables backups, and then encrypts. The ACSC Essential Eight Maturity Model exists precisely because the controls that stop this chain are not exotic: application control, patching applications, configuring Microsoft Office macros, user application hardening, restricting administrative privileges, patching operating systems, multi-factor authentication, and regular backups.

Most Australian SMBs we meet have some of these in place, none of them documented, and no evidence pack that would survive an insurer’s question or an OAIC notification under the Notifiable Data Breaches scheme. The gap between “we think we are doing this” and Maturity Level 1 across all eight strategies is the gap a ransomware crew walks through.

What Essential Eight ML1 Uplift does

Cyber by Exegesis runs a fixed-scope engagement to lift an Australian SMB from no defined baseline to ACSC Essential Eight Maturity Level 1 (ML1) — not ML2, not ML3 — across all eight mitigation strategies:

Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. Our scope here is preventive baseline work. We set the controls to ML1, leave you the evidence, and step back. We are not your IT provider and we are not your incident responder.

How it works

  1. We confirm the engagement scope on a short call, identify the in-scope tenants and endpoints, and request read-only access to your identity provider, endpoint management, and backup console.
  2. We run the ML1 gap assessment across all eight strategies and produce a baseline report — what is present, what is partial, what is absent.
  3. We propose the prioritised implementation plan, then apply the remediations across a two-to-four-week window so you see no operational disruption.
  4. We test the backup restore against a representative dataset — an untested backup is the single most common ransomware-recovery failure mode we see.
  5. We assemble the evidence pack and walk you through the written report and the 90-day review window.

Why this matters in Australia

Australian SMBs sit in the awkward middle of the ransomware market — large enough to pay, small enough to lack the controls that make encryption hard. The ACSC Small Business Cyber Security Guide is explicit that the Essential Eight is the recommended baseline, and the Notifiable Data Breaches scheme makes the consequences of a ransomware-driven data breach a regulatory matter, not just an operational one. Reaching ML1 across all eight strategies — and having the evidence to prove it — is the difference between a contained incident and a notifiable breach with customers, the OAIC, and your insurer all in the same conversation.

Join the waitlist

Join the waitlist — first access when Cyber by Exegesis opens Essential Eight ML1 Uplift for Australian SMBs

We are sequencing engagements by sector and by tenant type (Microsoft 365 first, Google Workspace second). Join the waitlist with your sector, employee count, and current email tenant — we will tell you when we are ready to take a brief from your business.