Adversaries are increasingly targeting third-party providers, catching customer companies on their heels. CISOs must play a larger role in vendor negotiations — and get tougher about what they ask.