But why would you open up your routers' management interfaces (Webfig/Winbox/SSH) in the first place to the whole world ?
No way to "narrow down" SOURCE_IP that allowed to do management ? (eg. centralised jumphost or something)
Personally for some DNAT-services I use a complex "port-knocking" sequence so my Mikrotik is "opened up" for my specific IP at that time only after the sequence.
knowing there are 64K possible TCP-ports, 64K possible UDP-ports and having only a "time window" of 5 seconds the chances of somebody "guessing" my correct sequence is considered "0" to me.