Essential Eight ML1 Uplift for Perth SMBs: A Defensible Ransomware Baseline Before You Need One

Your operations manager rings on a Monday morning to say the file server is showing strange filenames and nobody can open the job sheets. The accounting system is throwing errors. There is a text file on every desktop demanding payment in cryptocurrency. By Monday afternoon you are calling your insurer, your lawyer, and trying to remember whether the last backup actually ran — and whether it is connected to the network the attacker is currently sitting inside. Essential Eight ML1 Uplift from Cyber by Exegesis is the engagement that puts a defensible baseline in place before that Monday morning.

The problem

Ransomware remains the highest-impact cyber loss category facing Australian SMBs. The ACSC publishes the Essential Eight Maturity Model specifically because the mitigations that stop ransomware — application control, patching, macro hardening, application hardening, admin privilege restriction, operating system patching, multi-factor authentication, and regular backups — are well understood. The problem is not knowledge. The problem is that most Perth SMBs have never been measured against a baseline, never produced evidence of where they sit, and never written down a prioritised path to close the gaps.

What that means in practice: macros are still enabled by default in Office, staff accounts have local administrator rights from a long-forgotten provisioning decision, MFA is on for some services but not the ones that matter, patches lag by months, and the backup that everyone assumes is running has not been restore-tested in a year. The ACSC Small Business Cyber Security Guide is blunt about this — the controls are not expensive, but they need to be in place before the attacker arrives, not after.

What Essential Eight ML1 Uplift does

Cyber by Exegesis runs a fixed-scope engagement to lift a Perth SMB from no defined baseline to ACSC Essential Eight Maturity Level 1 across all eight mitigation strategies:

• A gap assessment across all eight strategies, mapped against the ACSC Essential Eight Maturity Model criteria for ML1 specifically — no scope creep into ML2 or ML3 language.
• A prioritised implementation plan sequenced by ransomware risk reduction: MFA, backups, application control and macro settings first; patching cadence and admin privilege restriction second.
• Hands-on configuration work across your Microsoft 365 or Google Workspace tenant, endpoint policies, and backup configuration to bring each strategy to ML1.
• A restore test of your backups against a sample of business-critical data — because an untested backup is not a backup.
• An evidence pack: a written record of the ML1 state of each of the eight strategies, suitable for insurer questionnaires, client due-diligence requests, and your own board reporting.

Cyber by Exegesis is the cyber consultancy line of Exegesis — the same parent company behind the DRMO live product. This engagement targets ML1 only. We do not claim ML2 or ML3 outcomes from an ML1 scope, and we tell you plainly where ML1 stops and where the harder work begins.

How it works

1. We confirm scope on a short call, identify your tenant (Microsoft 365 or Google Workspace), endpoint fleet, and backup arrangement, and request read-only access for the assessment phase.
2. We run the gap assessment against the ACSC Essential Eight Maturity Model ML1 criteria and produce a baseline report showing where each of the eight strategies sits today.
3. We agree the prioritised implementation plan with you in a 60-minute working session — what changes, in what order, and what operational impact to expect.
4. We execute the configuration changes across a two to four week window, with each change documented as it lands.
5. We restore-test the backups, deliver the evidence pack, and walk your operations lead through it so the document is owned internally, not just filed.

Why this matters in Perth

Perth’s SMB base is heavy in resources services, engineering consultancies, marine and logistics businesses, and professional services firms supporting the WA resources sector. Those businesses tend to hold sensitive client data, operate on tight project timelines where downtime is expensive, and increasingly face cyber-clause requirements written into upstream contracts by larger principals. An ML1 evidence pack is often the difference between answering a prime contractor’s security questionnaire credibly and losing a tender. And under the OAIC Notifiable Data Breaches scheme, if a ransomware incident exposes personal information, the obligation to notify is statutory — not optional. A baseline established now is materially cheaper than a baseline reconstructed under a notification clock.

Sources

• ACSC Essential Eight Maturity Model: https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model
• ACSC Small Business Cyber Security Guide: https://www.cyber.gov.au/protect-yourself/resources-protect-yourself/personal-cyber-security-guides
• OAIC Notifiable Data Breaches scheme: https://www.oaic.gov.au/privacy/notifiable-data-breaches
• Cyber by Exegesis — Essential Eight ML1 Uplift (waitlist)

Join the waitlist

Join the waitlist — first access when Cyber by Exegesis opens Essential Eight ML1 Uplift for Perth SMBs

We are sequencing engagements by sector and by tenant type (Microsoft 365 first, Google Workspace second). Join the waitlist with your sector, headcount, and current tenant — we will tell you when we are ready to take a brief from your business.