Oscar Six Blog

Mission

Zero-Day Alerts: What Small Businesses Should Actually Do

Zero-Day Alerts: What Small Businesses Should Actually Do

Another Day, Another Critical Vulnerability

If you follow cybersecurity news, you've probably seen the headlines: Cisco just confirmed that CVE-2026-20045 is being actively exploited in the wild. CISA added it to their Known Exploited Vulnerabilities (KEV) catalog with a February 11 deadline for federal agencies to patch.

For small business owners and IT admins, these announcements can feel overwhelming. Every week brings new critical vulnerabilities, urgent patches, and scary-sounding exploits. How do you know which ones actually matter to your organization? And what should you realistically do about them?

Let's break it down.

Understanding the CISA KEV Catalog

The Known Exploited Vulnerabilities catalog is one of the most useful resources CISA provides. Unlike the endless stream of CVEs published daily (over 25,000 in 2025 alone), the KEV catalog only includes vulnerabilities that meet two criteria:

  1. They have a patch or mitigation available
  2. They're being actively exploited in the wild

This second point is crucial. These aren't theoretical risks—attackers are using these vulnerabilities right now to compromise real systems.

While the compliance deadlines technically only apply to federal agencies, the KEV catalog serves as an excellent priority list for any organization. If something makes this list, it deserves your attention.

Step 1: Determine If You're Affected

Before you panic about any vulnerability announcement, ask one simple question: Do we even use this software or hardware?

The Cisco vulnerability affects specific products running their HTTP web services. If your organization doesn't use Cisco networking equipment, this particular CVE isn't your problem.

This is where having an accurate inventory of your technology assets becomes invaluable. You can't protect what you don't know you have. Many small businesses are surprised to discover old equipment still running on their network, or software installed years ago that no one remembers.

A basic asset inventory should include: - All network devices (routers, switches, firewalls) - Servers and their operating systems - Workstations and laptops - Cloud services and SaaS applications - Any internet-facing systems

Step 2: Assess Your Exposure

If you do use affected software or hardware, the next question is: How exposed are we?

The Cisco vulnerability specifically targets HTTP web services. Systems that aren't exposed to the internet, or that have web services disabled, face significantly lower risk than internet-facing devices with these services enabled.

This is where regular vulnerability scanning pays dividends. Automated scans can identify which systems are running vulnerable software versions and which services are exposed. Instead of manually checking every device, you get a prioritized list of what actually needs attention.

For small businesses without dedicated security teams, automated scanning tools have become essential. They transform vulnerability management from an impossible task into a manageable routine.

Step 3: Patch or Mitigate

Once you've identified affected systems, you have two options:

Patch immediately if the vendor has released a fix. Cisco has provided patches for CVE-2026-20045. For actively exploited vulnerabilities, waiting for your normal patch cycle isn't advisable.

Implement mitigations if patching isn't immediately possible. Vendors often provide workarounds—disabling affected features, implementing firewall rules, or restricting access. These buy you time while you plan the full patch.

Document everything. If you're a government contractor working toward CMMC compliance, or an Ohio business seeking SB 220 safe harbor protection, demonstrating that you have a vulnerability response process matters as much as the patching itself.

Step 4: Verify the Fix

After patching, confirm the vulnerability is actually resolved. Run another scan. Check that services are functioning correctly. Verify that the mitigation didn't break anything critical.

This verification step is often skipped under time pressure, but it's essential. A patch that wasn't applied correctly provides false confidence while leaving you exposed.

Building a Sustainable Process

Reacting to every zero-day announcement isn't sustainable. What small businesses need is a repeatable process:

  1. Maintain current asset inventory - Know what you have
  2. Scan regularly for vulnerabilities - Weekly or monthly automated scans catch issues before they become emergencies
  3. Monitor threat intelligence - Subscribe to CISA alerts for your industry
  4. Prioritize by actual risk - Internet-facing systems first, then work inward
  5. Document your response - Both for compliance and for improving your process

The goal isn't to achieve perfect security—that doesn't exist. The goal is to demonstrate reasonable security practices and reduce your attack surface to the point where attackers move on to easier targets.

The Bottom Line

Zero-day vulnerabilities will keep coming. The Cisco CVE this week will be followed by something else next week. Rather than treating each announcement as a crisis, build systems that let you respond calmly and effectively.

Start with visibility. You can't patch what you can't see. Regular vulnerability scanning, even basic automated scans, transforms security from guesswork into a manageable checklist.

For small businesses, the question isn't whether you can afford to implement basic security practices—it's whether you can afford not to.

← Back to Home