Backup and Ransomware Preparedness for Sydney SMBs: Know You Can Restore Before You Have To
It’s a Tuesday morning and your file server is showing a ransom note instead of the quarterly accounts. Your bookkeeper can’t open anything. The CRM is encrypted. Someone remembers there’s a backup — nobody is sure when it last ran, nobody has ever restored from it, and the NAS it lives on is sitting in the same office on the same network as everything the attacker just touched. You are now making a decision under pressure that you should have made on a quiet afternoon six months ago. Backup and Ransomware Preparedness from Cyber by Exegesis is the engagement that closes that gap before the note appears.
The problem
Ransomware is consistently among the highest-impact cyber incidents reported by Australian SMBs. The ACSC Small Business Cyber Security Guide is unambiguous about what defends against it: regular backups, kept separate from the systems they protect, and tested by actually restoring from them. Most Sydney SMBs have one of those three. Almost none have all three.
The common failure modes are predictable. Backups run nightly to a NAS sitting on the same domain — when the attacker pivots, the NAS gets encrypted too. Cloud backups exist but no one has ever restored a file from them, so when the moment arrives, the restore is a science experiment. Backup retention is two weeks, which means a slow-burn ransomware actor who’s been in the environment for a month has already poisoned every restore point. And there is no written response plan — so when it happens, the first hour is spent on group chat instead of on containment.
If the incident exposes customer personal information, the OAIC Notifiable Data Breaches scheme adds a statutory notification obligation on top of the operational disaster. That decision — notify or not — should not be made for the first time at 11pm on a Tuesday.
What Backup and Ransomware Preparedness does
Cyber by Exegesis runs a fixed-scope engagement focused on the two things that decide whether a ransomware event is a bad week or an extinction-level event for an SMB: a backup chain you can actually restore from, and a response plan your team has actually rehearsed.
- A review of your backup chain — frequency, retention, immutability, off-site separation from the production environment, and credentials separation so the attacker can’t reach the backups with the same compromised account.
- An actual restore test. We pick a representative system and restore it from your existing backups into an isolated environment to prove the chain works end-to-end. If it doesn’t, we document why.
- A written ransomware response plan tailored to your business: who decides, who calls the insurer, who calls the bank, who handles staff communications, and the OAIC notification decision pathway.
- A 90-minute tabletop exercise walking your leadership through a realistic Sydney SMB ransomware scenario, with decision points and timing.
- A short written report with what works, what doesn’t, and a prioritised remediation list mapped to ACSC Essential Eight controls (Regular Backups is one of the eight).
Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. Our scope here is preparedness. We set the controls and rehearse the response; we are not your IT provider and not your incident responder.
How it works
- We confirm scope on a short call, identify the systems and data in scope, and request read-only access to your backup tooling and a list of your critical business systems.
- We pull the current backup configuration into a baseline report — frequency, retention, immutability, where backups live, and who can touch them.
- We run the restore test against one representative system in an isolated environment and document the result.
- We draft the ransomware response plan with you over a 60-minute working session — roles, decision points, and the OAIC notification pathway.
- We run the 90-minute tabletop exercise with your leadership and leave you with the written report, the response plan, and a 90-day review window.
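The restore test and the retention check in the steps above can be made concrete. The following script is an added illustration, not the consultancy's tooling or anything from the page: it backs up a constructed sample file tree into an archive with a SHA-256 manifest, restores it into an isolated directory, and verifies every file against the manifest, so a restore that silently drops or corrupts a file is flagged rather than assumed to have worked. It also shows why two weeks of retention fails against a month of attacker dwell time. The file contents, paths, and the dwell-time figures are assumptions chosen for the demonstration.

```python
import hashlib
import json
import tempfile
import zipfile
from pathlib import Path

# Constructed sample data standing in for an SMB file server (not real business data).
SAMPLE_FILES = {
    "finance/q3_accounts.csv": b"invoice,amount\nINV-001,1200.00\n",
    "crm/contacts.json": b'[{"name": "Example Pty Ltd"}]',
    "hr/policy.txt": b"Leave policy v3\n",
}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record the relative path and SHA-256 of every file under root at backup time."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def take_backup(root: Path, archive: Path) -> dict:
    """Write a zip archive of root plus a manifest sidecar; return the manifest."""
    manifest = build_manifest(root)
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for rel in manifest:
            zf.write(root / rel, rel)
    archive.with_suffix(".manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def restore(archive: Path, dest: Path) -> None:
    """Restore into an isolated directory, never over the production tree."""
    dest.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(archive) as zf:
        zf.extractall(dest)


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare the restored files against the manifest: the 'did it actually work' step."""
    missing, mismatched = [], []
    for rel, expected in manifest.items():
        p = restored / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_file(p) != expected:
            mismatched.append(rel)
    return {
        "ok": not missing and not mismatched,
        "verified": len(manifest) - len(missing) - len(mismatched),
        "missing": missing,
        "mismatched": mismatched,
    }


def clean_restore_points(restore_point_ages_days, assumed_dwell_days):
    """Only restore points older than the assumed attacker dwell time can be trusted;
    if retention is shorter than dwell time, this list is empty."""
    return sorted(a for a in restore_point_ages_days if a > assumed_dwell_days)


def run_restore_test() -> dict:
    """End-to-end: back up the constructed tree, restore it in isolation, verify it.
    A second, deliberately damaged restore shows the check catching a missing and a
    truncated file."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "fileserver"
        for rel, data in SAMPLE_FILES.items():
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_bytes(data)
        archive = tmp / "nightly.zip"
        manifest = take_backup(src, archive)

        clean = tmp / "restore_clean"
        restore(archive, clean)
        clean_result = verify_restore(manifest, clean)

        bad = tmp / "restore_bad"
        restore(archive, bad)
        (bad / "hr/policy.txt").unlink()                       # file never came back
        (bad / "finance/q3_accounts.csv").write_bytes(b"invoice,amount\n")  # truncated
        bad_result = verify_restore(manifest, bad)
    return {"clean": clean_result, "bad": bad_result}


if __name__ == "__main__":
    results = run_restore_test()
    print("clean restore:", results["clean"])
    print("damaged restore:", results["bad"])
    # Two weeks of daily restore points against a 30-day dwell time: nothing trustworthy.
    print("usable restore points (14-day retention):", clean_restore_points(range(1, 15), 30))
    print("usable restore points (90-day retention):", clean_restore_points(range(1, 91), 30)[:3], "...")
```

The manifest is written beside the archive at backup time, so verification does not depend on the production server still being intact; in a real engagement it would be kept with the backups on storage the production credentials cannot modify.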
Why this matters in Sydney
Sydney concentrates Australia’s SMB professional services, healthcare, and trades businesses — the operating profile ransomware actors target because the data is sensitive, the downtime is expensive, and the cyber insurance market often expects to see a tested backup chain before paying out. A Sydney SMB that can demonstrate immutable, off-site, restore-tested backups and a rehearsed response plan turns a potential business-ending event into an operational inconvenience. The work is not glamorous and it is not expensive — but it has to be done before the note arrives, not after.
Sources
- ACSC Small Business Cyber Security Guide: https://www.cyber.gov.au/protect-yourself/resources-protect-yourself/personal-cyber-security-guides
- ACSC Essential Eight Maturity Model (Regular Backups is one of the eight mitigation strategies): https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model
- OAIC Notifiable Data Breaches scheme: https://www.oaic.gov.au/privacy/notifiable-data-breaches
- Cyber by Exegesis — Backup and Ransomware Preparedness (waitlist)
Join the waitlist
We are sequencing engagements by sector and by backup tooling in place (Microsoft 365 / cloud-native first, on-premises and hybrid second). Join the waitlist with your sector and current backup setup — we will tell you when we are ready to take a brief from your business.