Organizations must extend their protection to all of their third-party applications.