What is a supply chain attack and why is it difficult to defend against?

A supply chain attack compromises a trusted vendor, supplier, or software provider to gain access to their customers' networks and data. The SolarWinds attack is a prominent example where attackers inserted malicious code into a legitimate software update distributed to thousands of organizations. Supply chain attacks are difficult to defend against because organizations implicitly trust their vendors' software and updates.