Essential Eight ML1 Uplift for Melbourne SMBs: A Defensible Baseline Against Ransomware
It is a Tuesday morning and your office manager calls to say nobody can open any files. The shared drive shows folders renamed with a random extension. There is a text file on every desktop with a wallet address and a 72-hour deadline. Your bookkeeper cannot raise invoices. Your project team cannot access drawings. You do not know yet whether customer data has been taken, which means you do not know yet whether you have an OAIC notification obligation. Essential Eight ML1 Uplift from Cyber by Exegesis is the engagement designed to lift a Melbourne SMB to a defensible ACSC baseline before that Tuesday morning arrives.
The problem
Ransomware remains the highest-impact cyber loss category for Australian SMBs. The ACSC Essential Eight Maturity Model exists specifically because the same handful of controls — applied consistently — block the majority of the techniques ransomware operators rely on to gain a foothold, escalate privilege, and encrypt at scale. Maturity Level 1 (ML1) is the entry rung: it assumes adversaries using widely available tradecraft rather than targeted, well-resourced attackers, and it is the level most Australian SMBs should be at as a minimum.
Most Melbourne SMBs we speak to are not at ML1. They have patching that is “mostly current”, admin accounts shared between daily work and privileged tasks, macros enabled by default in Office, backups that have never been restore-tested, and MFA on email but not on remote access. None of these gaps are exotic. All of them are exploited routinely. The Essential Eight is not a theoretical framework — it is a checklist of the controls that, in combination, make a ransomware actor’s job materially harder.
What Essential Eight ML1 Uplift does
Cyber by Exegesis runs a fixed-scope engagement to take an Australian SMB from no defined baseline to ACSC Essential Eight Maturity Level 1 across all eight mitigation strategies:
- A gap assessment against ML1 across the eight strategies: application control, patch applications, configure Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication, and regular backups.
- A prioritised implementation plan sequenced by ransomware blast radius: the controls that most directly disrupt encryption and lateral movement go first.
- Hands-on configuration changes (or detailed instructions for your IT provider) across your Microsoft 365 or Google Workspace tenant, endpoints, and backup system.
- A restore test of your backups — a backup nobody has restored is a hope, not a control.
- An evidence pack mapped to each of the eight strategies at ML1, suitable for insurer questionnaires, client due diligence, and your own board record.
Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. This engagement is preventive baseline uplift to ML1. We are explicit that ML1 is the entry maturity level; we do not imply ML2 or ML3 coverage, and we will tell you which controls would need further work if you wanted to progress.
How it works
- We scope the engagement on a short call, confirm in-scope domains, tenant, and endpoint count, and request read-only access to your identity provider, email tenant, and backup console.
- We run the ML1 gap assessment over one to two weeks and deliver a written baseline showing where you sit against each of the eight strategies.
- We agree the prioritised remediation plan with you, sequencing by ransomware risk and operational disruption.
- We apply (or supervise your IT provider applying) the configuration changes, including MFA enforcement, macro restriction, admin-account separation, patching cadence, and backup hardening.
- We run the restore test and hand over the ML1 evidence pack with a 90-day review window.
Why this matters in Melbourne
Melbourne carries a heavy concentration of mid-sized professional services, manufacturing, healthcare, and education SMBs — sectors that ransomware operators target specifically because operational downtime creates immediate pressure to pay. A Melbourne SMB with turnover above $3M is also squarely inside the OAIC Notifiable Data Breaches scheme: if a ransomware incident involves access to personal information and serious harm is likely, you have a statutory notification obligation on a clock. Reaching ML1 across all eight strategies is the most cost-effective way a Melbourne SMB can both reduce the probability of an incident and shorten the post-incident decision tree.
Sources
- ACSC Essential Eight Maturity Model: https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model
- ACSC Small Business Cyber Security Guide: https://www.cyber.gov.au/protect-yourself/resources-protect-yourself/personal-cyber-security-guides
- OAIC Notifiable Data Breaches scheme: https://www.oaic.gov.au/privacy/notifiable-data-breaches
- Cyber by Exegesis — Essential Eight ML1 Uplift (waitlist)
Join the waitlist
We are sequencing engagements by sector and by tenant type (Microsoft 365 first, Google Workspace second). Join the waitlist with your sector, endpoint count, and current tenant — we will tell you when we are ready to take a brief from your business.