We know employees are the weakest link in the security chain, what about your connected vendors? 56% of organizations say they had experienced a data breach stemming from a third-party security failure.More than 42% of the respondents say that attacks on their third parties resulted in a misuse of their organization's data and 75% believe that risks from third parties is increasing.

1. IAM - Most common ways in which attackers have broken into target networks is by stealing and misusing third-party access credentials.
2. DR - One of the most troublesome weaknesses in vendor environments and one with the greatest potential greatest impact to clients is the vendors’ susceptibility to disruption that renders data or services unavailable to client
3. Breach Notification - Slowness on your third-party vendor's part to disclose an incident involving client data and systems can have a direct impact on you.
4. System misconfiguration - Bad things can happen when a business partner or other third-party stores your sensitive data on incorrectly setup IT systems. 
5. Inadequate Vulnerability Management Practices - Credit monitoring giant Equifax' failure to properly address a known vulnerability in one of its software components led to arguably one of the biggest breaches ever involving sensitive data. 
6. Third-party software tools - Can also introduce a lot of vulnerabilities in your software if you are not careful. Considering that 50% to 75%--and sometimes even 95%--of executing digital code in an organization is from third-party vendors, the risks posed by vulnerable components is especially high

https://www.darkreading.com/cloud/6-ways-third-parties-can-trip-up-your-security/d/d-id/1331911