Chief Information Security Officers (CISOs) can learn valuable lessons from muskoxen, animals that thrive in harsh environments by relying on their herd for protection. Similarly, CISOs must prioritize third-party risk management to safeguard their organizations from cyber threats. The consequences of neglecting this aspect can be severe, including production shutdowns. Recent cyberattacks on third-party vendors, such as those carried out by the Russian hacking group APT29 (also known as "Cozy Bear"), highlight the importance of effective risk management [1]. These state-aligned attacks shift the threat model from criminal to geopolitical, requiring a different approach to mitigation. By acknowledging the interconnectedness of their organizations and taking a proactive stance on third-party risk management, CISOs can better protect their businesses from potential threats. This matters to security practitioners because it underscores the need for a tailored approach to managing third-party risks, one that accounts for the evolving geopolitical threat landscape.