Reply to post: The best way to defend against this

We suck at backups. So let's not have a single point of failure any more

Anonymous Coward

The best way to defend against this

Is to ask the question "if one sysadmin gets really pissed - or his family is taken hostage - could he destroy everything from production data to all backup copies?" If the answer is yes, you need to separate roles and admin access so that can't happen[*]. If no amount of role separation can accomplish that, because of dumb stuff like backup servers with write access to production data, then you have a single point of vulnerability in your architecture that needs to be resolved before you worry about human factor attacks.

[*] Obviously this doesn't apply in small shops where the backup guy, storage guy and server guy are all the same person or such a small team that they need to back each other up over vacations etc.

One additional thought - hyperconverged infrastructure is a great thing, but don't collapse the backup solution into it. Then it would become almost impossible to separate admin roles such that the same guy doesn't have the ability to destroy production data and backups.
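The question the comment poses can be checked mechanically against an access inventory. The following is an added example, not part of the original comment: every principal, system and data-store name is constructed for illustration, and access is assumed to be transitive (whoever controls a system inherits everything that system can modify or delete).

```python
from collections import deque

# Constructed inventory (all names hypothetical): which systems each admin controls.
CONTROLS = {
    "alice": {"prod-db-host"},
    "bob": {"backup-server"},
    "carol": {"prod-db-host", "replica-server"},
    "dave": {"hci-cluster"},
}
# What each system can modify or delete (other systems or data stores).
ACCESS = {
    "prod-db-host": {"prod-data"},
    # Backup server holding write access to production, as in the comment.
    "backup-server": {"backup-copy-a", "prod-data"},
    "replica-server": {"backup-copy-b"},
    # Backup collapsed into the hyperconverged platform: one control plane for all.
    "hci-cluster": {"prod-db-host", "backup-server", "replica-server"},
}
PRODUCTION = {"prod-data"}
BACKUPS = {"backup-copy-a", "backup-copy-b"}

def reachable(start):
    """Everything destroyable from a set of systems, following access transitively."""
    seen, queue = set(start), deque(start)
    while queue:
        node = queue.popleft()
        for nxt in ACCESS.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def single_points_of_failure(controls=CONTROLS):
    """Principals who alone can destroy production and every backup copy."""
    return sorted(
        who for who, systems in controls.items()
        if (PRODUCTION | BACKUPS) <= reachable(systems)
    )

if __name__ == "__main__":
    for who in single_points_of_failure():
        print(f"{who}: can destroy production and all backups")
```

In this inventory only the hyperconverged admin is flagged; the backup admin reaches production through the backup server's write access but cannot touch the second backup copy.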
