Larger orgs, especially related to infrastructure or national services may be specifically targetted. They know what their weak points are. Phishing, DoS, customer information leaks, ... But what they're afraid of and how they deal with that is going to be specific to their systems. I guess the only common thing for "brace for cyber warfare" is - talk to your peers about weird new things you see.
My suspicion is that warnings about cyberattacks are going to be the new "credible threat of terrorism", i.e. a way to fearmonger at the uppermost levels of government in order to raise support for "kinetic warfare", but I hope not.