Essential Eight ML1 Uplift for Sydney SMBs: Close the Ransomware Door Before It Closes Your Business
Your bookkeeper logs in on Monday morning and the shared drive is gone — every file renamed with a strange extension, a README sitting at the root demanding payment in cryptocurrency to a wallet you have never heard of. Your IT contractor is on the phone trying to find a backup that has not also been encrypted. You are working out whether your client data was exfiltrated before the encryption — and whether that means a call to the OAIC. Essential Eight ML1 Uplift from Cyber by Exegesis is the engagement designed to put a Sydney SMB on a defined baseline before that Monday morning.
The problem
Ransomware is the highest-impact cyber loss category for Australian SMBs, and the entry vectors are mundane: a macro in a Word document, an unpatched browser, a local admin account that should not have existed, a backup on the same network the attacker just encrypted. The ACSC’s Essential Eight Maturity Model exists precisely because these vectors are well understood and the controls that close them are well defined.
Most Sydney SMBs do not have a defined baseline. They have a managed service provider running Microsoft 365 and a vague sense that “we have antivirus”. They have not assessed themselves against the eight mitigation strategies. They cannot tell you whether application control is enforced, whether macros from the internet are blocked, whether their admin accounts are separated from daily-use accounts, or whether their backups would survive an attacker with domain credentials. Maturity Level 1 is the floor — the level at which an organisation has partly implemented each of the eight strategies — and a surprising number of SMBs cannot yet honestly claim it.
What Essential Eight ML1 Uplift does
Cyber by Exegesis runs a fixed-scope engagement to lift a Sydney SMB from no defined baseline to ACSC Essential Eight Maturity Level 1 across all eight mitigation strategies:
- A gap assessment against each of the eight strategies — application control, patch applications, configure Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication, regular backups — scored honestly against the ML1 descriptors in the ACSC maturity model.
- A prioritised implementation plan sequenced by ransomware risk reduction first: MFA on internet-facing services, macro hardening, admin privilege separation, and backup isolation before the lower-yield items.
- Configuration changes applied in your Microsoft 365 or Google Workspace tenant and on your endpoints, working with your existing IT provider where one exists.
- A backup test — we restore a sample of files from your backup to prove the backup actually works, because an untested backup is not a backup.
- An evidence pack: screenshots, configuration exports, and a written assessment mapping each control to the ML1 descriptor. This is what your insurer, your auditor, or the OAIC will ask for.
Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. This engagement targets ML1 specifically. We are not promising ML2 or ML3; those are separate uplifts with materially different scope.
How it works
- We confirm scope on a short call, identify your tenant and endpoint estate, and request read-only access to assess the current state.
- We complete the gap assessment against the eight strategies and deliver a baseline report scoring you honestly against ML1.
- We propose a prioritised implementation plan and sequence the changes over a three-to-six-week window, coordinating with your IT provider where one is in place.
- We apply or supervise the configuration changes, run a backup-restore test, and document the evidence as we go.
- We deliver the evidence pack, walk you through what was changed, and leave you with a 90-day review to confirm the controls have not drifted.
Why this matters in Sydney
Sydney holds a disproportionate share of Australia’s mid-market SMBs in professional services, healthcare, and logistics — sectors that hold customer PII and operate above the $3M turnover threshold that brings them squarely under the OAIC’s Notifiable Data Breaches scheme. A ransomware incident in these businesses is rarely just an operational problem; it becomes a notification problem within 30 days if personal information was likely accessed. A Sydney SMB at Essential Eight ML1 has closed the most common ransomware vectors and has the evidence pack ready when the insurer, the regulator, or the board asks how the baseline was set.
Sources
- ACSC Essential Eight Maturity Model: https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model
- ACSC Small Business Cyber Security Guide: https://www.cyber.gov.au/protect-yourself/resources-protect-yourself/personal-cyber-security-guides
- OAIC Notifiable Data Breaches scheme: https://www.oaic.gov.au/privacy/notifiable-data-breaches
- Cyber by Exegesis — Essential Eight ML1 Uplift (waitlist)
Join the waitlist
We are sequencing engagements by sector and by tenant type (Microsoft 365 first, Google Workspace second). Join the waitlist with your sector, employee count, and current IT arrangement — we will tell you when we are ready to take a brief from your business.