Our blob storage is crucially important to our business. If for some reason one day the blob storage account is deleted from hackers or buggy scripts, it would cause serious harm.
What's the best way to backup blob storage to mitigate against an attack where for example someone logs in to our Azure portal and just deletes everything they see? Simply backing it up to another region wont protect against that sort of damage.
AFAIK, there is a 2-step authentification in Azure.
If it's not enough, you can always use some backup solutions e.g. Veeam to backup, encrypt and store your data somewhere else, in other cloud instance for example.
Yes, why not to follow 3-2-1 backup rule. Have several copies of your backups.
And make sure that you have 2-step authentication for your accounts.
Data stored in Azure Storage accounts is very securely protected by Microsoft. There is very little (if any) reason to worry about catastrophic equipment failure causing your data to be lost. However, Microsoft can’t protect our data from inadvertent user errors that we or our software might make that could corrupt or destroy our data. Because of this, backups are still a very necessary part of life in the cloud.
According your scenario, you need secure your storage account. You could use Role-Based Access Control(RABC). By using RABC, you can give specific users the ability to access the storage account keys, while other users can view information about the storage account, but cannot access the storage account keys. More information about how to secure your storage account please refer to this article.
Backup your date is also very necessary. For now, Azure does not support backup your blob data automatic. If your data is not very large, I suggest you use the command line AZCopy.exe tool from Microsoft and a batch file with a few tweaks to backup blob containers. More information please refer to this link.
Also, many third-party tools support backup Azure Blob automatic.