Hi Noi Yar,
I agree with your preventive measures above which were perfectly summarized in almost all dimensions. I would like to add another solution to avoid the attack. Penetration testing (pen test) is an authorized simulated attack performed on a system to evaluate its security. The testers use the same processes as attackers to find and demonstrate the impacts of weaknesses in a system. By conducting such tests, we can proactively take action, change the passwords before a real attack occurs, and review and improve our password creation and enforcement policies.