The following link describes a weakness on the website of an IEC workers' committee, in which a weakness was discovered that could have revealed personal details of workers.
This is an example of the importance of security in the supply chain and various partners who receive data from the organization.
In many cases the attackers do not attack the parent organization, which is usually well protected, but its supply chain, which in many cases is less well protected.
Every IT service provider must receive an information security certificate from the Information Security officer at the Technion !!