Fortinet administrators must immediately reset passwords, isolate management interfaces from the internet, and enable multi-factor authentication organization-wide to reduce the risk of a coordinated credential abuse campaign.