If your organization works with a bunch of suppliers that have access to your network or servers, then you are probably concerned about the level of risk created by their access. If not, perhaps you should be.
Why? As one example, your organization may have a telecom provider that has remote access to service the phone or voicemail system, or your facilities provider may have access to monitor your HVAC system. In fact, these types of vendor relationships have been the cause of numerous high-profile breaches. The Target breach from 2013 was the result of stolen network credentials from an HVAC vendor. The Home Depot breach from 2014 stemmed from stolen vendor credentials. The CVS Photo breach in 2015 was a result of their vendor, PNI Digital Media, being compromised by malware. These are only a few of the many publicly-announced breaches resulting from third-party vendor security lapses that continue to occur year after year.