Essential Eight ML1 Uplift for Brisbane SMBs: Get to a Defensible Baseline Before Ransomware Finds You

Your office manager comes in on a Monday morning and the shared drive will not open. A text file on the desktop tells you that your files are encrypted and a wallet address is waiting. Your bookkeeper cannot invoice. Your project files are inaccessible. You do not yet know whether the attacker also exfiltrated data — which means you do not yet know whether you have an OAIC notification obligation on top of an operational disaster. Essential Eight ML1 Uplift from Cyber by Exegesis is the engagement that takes a Brisbane SMB from no defined baseline to ACSC Maturity Level 1 across all eight mitigation strategies — before that Monday morning arrives.

The problem

Ransomware remains the single largest cyber loss category by impact for Australian SMBs. The pattern is consistent: an unpatched application or a stale admin account gives the attacker a foothold, macros or untrusted executables run unimpeded, backups are either reachable from the production network or have never been tested, and within hours the business is offline.

The ACSC Essential Eight Maturity Model exists precisely because this pattern is predictable. Maturity Level 1 — the entry tier — is designed to block attackers using “commodity tradecraft” rather than targeted campaigns. That is exactly the threat profile most Brisbane SMBs face. The problem is not that ML1 is hard; it is that most SMBs have never been walked through the eight strategies as a coherent set. Patch cycles drift. Macro settings are left at the Microsoft defaults. Admin accounts double as daily-use accounts. Backups exist but have never been restored end-to-end. Each gap is small. Together they are how a ransomware crew gets in and stays in.

What Essential Eight ML1 Uplift does

Cyber by Exegesis runs a fixed-scope project that lifts an Australian SMB from no defined baseline to ML1 across all eight mitigation strategies.

Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. This engagement is preventive. We set the ML1 baseline and hand it back to your IT provider (or to you) with the evidence pack. We are not your ongoing MSP.

How it works

  1. We confirm scope on a short call, identify your tenant, endpoint count, and current IT arrangements, and request read-only access to assess the current state.
  2. We run the ML1 gap assessment against all eight strategies and produce the baseline report.
  3. We propose the prioritised remediation plan and agree the sequence with you — usually two to four weeks of staged changes.
  4. We apply the technical changes, run the end-to-end backup restoration test, and document evidence for each strategy.
  5. We hand over the evidence pack, walk your nominated person through it, and set a 90-day review checkpoint.

Why this matters in Brisbane

Brisbane’s SMB base skews toward construction, logistics, healthcare allied services, and professional services — sectors that hold customer PII, run on shared file servers, and cannot absorb a week offline. A ransomware event in any of these businesses is not just an IT problem; it is a customer-notification problem under the OAIC Notifiable Data Breaches scheme if personal information is implicated, and a cash-flow problem from day one. Getting to ACSC Essential Eight ML1 is the lowest-cost, most defensible step a Brisbane SMB can take to materially reduce that risk — and to be able to show a regulator, an insurer, or a client that you had a defined baseline before the incident, not after.

Join the waitlist

Join the waitlist — first access when Cyber by Exegesis opens Essential Eight ML1 Uplift for Brisbane SMBs

We are sequencing engagements by sector and by tenant type (Microsoft 365 first, Google Workspace second). Join the waitlist with your sector, endpoint count, and current tenant — we will tell you when we are ready to take a brief from your business.