Due to the prevalent use of highly distributed corporate networks (increasing use of the cloud for storing data, more services received from vendors and subcontractors), exploiting third-party vulnerabilities has became a common tactic among hackers to breach organization networks. Hackers strive to find the third party's weakest link in order to execute the attack against their ultimate target.
The more vendors and contractors the organization has, the more vulnerable it becomes to attacks. Therefore, companies must be concerned not only for their own information security, but also manage their supply chain. Organizations need to understand what types and quantities of company data their vendor is exposed to? Do vendors have access to organizational information that is irrelevant to the vendor's day-to-day operational activities?