2026 Is the Year to Be Breach Ready: Augment Cyber Resilience with Operational Excellence
Summary: The article discusses the importance of cybersecurity in 2026, emphasizing cyber resilience built through microsegmentation, zero trust, and military-grade muscle memory. The author argues that in digital warfare, effective use of resources and tactical adaptation are key; by studying the strategies of historical battles, enterprises can better restrict attack paths and respond quickly to threats. 2026-01-05 07:33:04 Source: securityboulevard.com

A very happy New Year 2026 to you. Those of you who are familiar with my work know that I preach breach readiness, cyber resilience, and building practical capabilities to remain “unaffected” by cyberattacks. A lot of what I have written in 2025 came from how great wars were fought. There is still a lot to learn about modern cyber resilience from them.

The Battle of Asal Uttar

Dubbed one of the largest tank battles since World War II, the Battle of Asal Uttar took place from September 8 to 10, 1965, near Khem Karan in Punjab, India. A large contingent of enemy troops, equipped with M47 and M48 Patton tanks, crossed the border and advanced towards Amritsar, initially pushing back the less-equipped Indian forces to defensive positions near Asal Uttar, which was unfamiliar territory for the attackers.

Recognizing the superiority of the enemy armed forces, particularly the M48 Patton tanks, the Indian command adopted very unusual tactics. The terrain at Asal Uttar was dotted with barren paddy fields and lush sugarcane fields. First, the Indian military engineers (sappers) breached the canals and flooded the fields, creating smaller, mushy, swamp-like perimeters to defend. Then they hid the small contingent of Centurions and Sherman tanks in tall sugarcane fields so they could defend each perimeter, forming a strategic “U-shaped” defensive formation. The villagers provided intelligence and visibility, guiding Indian troops through the canals and fields they knew like the back of their hand.


The defenders were prepared. They knew where their defensible assets were, which parts were more vulnerable than others, where they had vantage visibility, and how they had narrowed the attack landscape to their advantage.

When the enemy attacked, its tanks became sitting ducks in the muddy terrain. Over the three-day battle, striking sporadically from the tall sugarcane, the defenders captured about 40 tanks, destroyed another 60, and forced the enemy to flee. The key takeaway for me is the effective use of resources and tactics that capitalized on the terrain, the paddy and sugarcane fields, to outmaneuver and defeat the enemy's M47 and M48 Patton tanks.

The Defenders’ Advantage

They knew all the elements of the attack paths far better than the perpetrators when the attack ensued. They were successful in changing the attack landscape to choke the attacker’s advances. And they ran an operation with military-grade muscle memory. This is what makes a difference in the digital world too.

2025 showed us that despite massive investments, cyberattacks continued unabated. Beyond big names like Qantas, Marks & Spencer, UNFI, and the Oracle Cloud breach, notable incidents included the JLR disruption, estimated at £1.9bn, a devastating $2.45 billion in breach-related expenses, and, on December 29, 2025, Coupang's announcement of a 1.69 trillion won ($1.2 billion) compensation package for its breach.


The Coupang breach is a huge testament to this. Coupang, hailed as the Amazon of South Korea, had built a reputation on its "rocket delivery." Billed as the data breach that hit two-thirds of a country, this insider breach is a prime example of why it is paramount to invest in microsegmentation today. Investigators said the breach began through Coupang's overseas servers in June, but the company only became aware of it in November: five months in which the intruder could move freely.

No, there was no dearth of security tools. Clearly, IT operations lacked change management, rigorous configuration, leadership oversight, and governance. In nearby Japan, the recent wave of attacks on Asahi Group Holdings, Askul, and now Yazaki Corp exemplifies the “new normal” of ransomware: recovery is rarely a matter of days. It is a multi-month slog that often requires rebuilding trust as much as rebuilding servers.

My takeaway from all this is that most cyberattacks today can be contained and withstood if defenders know and can restrict the attack paths, if they can restrict the propagation of an attack across systems, and if change management is burned into their operational teams as "military-grade muscle memory."


The Digital World is at War

2025 also heralded AI as an attacker. In November 2025, Anthropic publicly disclosed its disruption of what it described as the first documented large-scale AI-orchestrated cyber espionage campaign. Anthropic attributed the campaign to a Chinese state-sponsored group designated GTG-1002, a well-resourced actor focused on espionage. The campaign's success relied on the post-initial-access phases: reconnaissance, vulnerability exploitation, credential harvesting, lateral movement, and data exfiltration. Every one of those phases depends on the attacker being able to reach the next system, so the targeted organizations (the primary victims) could have significantly blunted the attack by hardening the attack landscape with microsegmentation, while Anthropic's implementation would enhance overall resilience against related threats.

A well-planned deployment strategy (read: the foundational cybersecurity controls for navigating your digital landscape), mapped out to the smallest detail (read: micro zones with explicitly defined conduits between them), is as much a guarantor of success as a hastily formed plan is a guarantor of failure. Success is largely decided before the battle begins, by decoys that yield MITRE ATT&CK technique-level intelligence for building cyber defense models, and by continuous exercising of microsegmentation operations. Every smart military commander knows this. Execution matters, but consistency is what wins against a digital attacker, human or AI.

I was reading an article titled Train Like a Soldier, Defend Like a CISO, published by Group Captain Ashok Kumar, a distinguished veteran of the Indian Air Force and an astute cybersecurity specialist and research scholar, who has always espoused military-grade muscle memory. As a soldier, he was trained to repeatedly practice disassembling and reassembling a rifle until he could do so blindfolded, or until he would not flinch under fire. Cyber resilience in 2026 needs military-grade muscle memory.

Military-grade muscle memory refers to the highly trained, automatic responses that soldiers and special forces develop through repeated, realistic, high-stress practice, so that critical actions are performed instinctively even under pressure or chaos. It is not just physical; it is substantial cognitive conditioning. Repeated drills simulate combat stress (noise, fatigue, confusion), and the brain learns to remain calm, decisive, and ready to react under extreme conditions, so performance stays consistent even when adrenaline spikes. Continuous practice lets the motor cortex and cerebellum build strong neural pathways, moving actions from conscious effort to automatic execution and drastically cutting reaction times. The body acts before the mind has time to overthink. That is military-grade muscle memory.

Coupang, JLR, and the others handed the attackers one huge advantage that the soldiers at Khem Karan never did: the attackers were able to move unchallenged after the initial compromise.


In 2026, We Need to Change the Script, Urgently

We need to learn from 2025 and change the narrative this year. AI is letting the humans behind the attacks move faster and at larger scale, often undetected until the effects are evident.

If you have not already, invest in a breach-ready microsegmentation program that keeps your critical assets unaffected when a handful of systems are breached, regardless of whether the attacker is internal or external. The focus should be on fast, frictionless, and pervasive enforcement of Zero Trust that covers your entire digital landscape, whether IT, operational technology (OT), or the cloud, and that leverages your current cybersecurity investments cohesively.

If you have not already, model your cyber defenses to choke attackers and keep them contained within the microsegment where the initial compromise occurs, until they are evicted. Replace existing credentials with zero-trust, cryptographic, passwordless ones to deny humans and AI alike the luxury of credential misuse. Where possible, use lures and decoys to detect reconnaissance activity and disrupt attacks before they begin.
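The two recommendations above, restricting attack paths and keeping an intruder inside the segment where the first compromise happened, can be checked before a breach rather than discovered during one. The following is an added illustration, not ColorTokens' product logic or code from the original post: it models a small, constructed inventory of hosts grouped into micro-perimeters, a default-deny allow-list of zone-to-zone flows, and a breadth-first search that computes which hosts an attacker can reach from a compromised machine over permitted flows. Comparing the blast radius of a flat network with that of the segmented policy shows what containment buys, the per-host paths show where the remaining conduits are, and a last helper flags allow rules that carried no observed traffic, which is the kind of change-management review that should become routine. All host names, zones, ports, and telemetry are assumptions made up for the example.

```python
from collections import deque

# Constructed inventory: host -> zone (each zone is a micro-perimeter). Sample data only.
HOSTS = {
    "web-01": "dmz",
    "web-02": "dmz",
    "app-01": "app",
    "app-02": "app",
    "db-01": "data",
    "jump-01": "admin",
    "hr-laptop": "users",
}

# Default-deny allow-list: (source zone, destination zone, destination port).
# Anything not listed is dropped, including traffic between hosts in the same zone.
ALLOW = {
    ("users", "dmz", 443),
    ("dmz", "app", 8443),
    ("app", "data", 5432),
    ("admin", "app", 22),
    ("admin", "data", 22),
}

PORTS = (22, 443, 445, 3389, 5432, 8443)  # services an attacker would probe for lateral movement


def allowed(src, dst, port, policy):
    """True if the flow src -> dst:port is permitted. policy=None models a flat network."""
    if src == dst:
        return False
    if policy is None:
        return True
    return (HOSTS[src], HOSTS[dst], port) in policy


def attack_paths(start, policy, ports=PORTS):
    """Breadth-first search from a compromised host over permitted flows.
    Returns {host: path}, where path is the hop sequence the attacker must traverse.
    Assumes any reached host can be used as the next pivot (worst case)."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for dst in HOSTS:
            if dst in paths:
                continue
            if any(allowed(cur, dst, p, policy) for p in ports):
                paths[dst] = paths[cur] + [dst]
                queue.append(dst)
    return paths


def blast_radius(start, policy):
    """Number of hosts reachable from start, excluding start itself."""
    return len(attack_paths(start, policy)) - 1


def unused_rules(policy, observed_flows):
    """Change-management check: allow rules that carried no traffic in the review
    period are candidates for removal. observed_flows is a set of
    (src_zone, dst_zone, port) tuples from (here, constructed) telemetry."""
    return sorted(policy - set(observed_flows))


if __name__ == "__main__":
    start = "web-01"  # assume an internet-facing server is the first host compromised
    print("flat network blast radius:", blast_radius(start, None))
    print("segmented blast radius:   ", blast_radius(start, ALLOW))
    for host, path in attack_paths(start, ALLOW).items():
        if host != start:
            print("  path to", host, ":", " -> ".join(path))
    # Constructed telemetry: the admin -> data rule saw no traffic this period.
    seen = {("users", "dmz", 443), ("dmz", "app", 8443),
            ("app", "data", 5432), ("admin", "app", 22)}
    print("rules with no observed traffic:", unused_rules(ALLOW, seen))
```

On the constructed data, a compromised web-01 can reach all six other hosts on the flat network but only the two app servers and the database under the allow-list; the jump host and user segment are never reachable from the DMZ. The remaining path to db-01 is exactly the conduit a threat model should scrutinize, since the policy still lets a web-tier compromise reach the data tier by pivoting through the application tier. Run the same search from each critical asset backward and you have the attack-path map the defenders at Asal Uttar had, and the prune list from `unused_rules` is the drill to repeat every review cycle.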

If you have not already, institute a rigorous exercise regime that teaches operational teams how to behave during a breach, and build it as close to military-grade muscle memory as is practical. Every team member should drill enough to visualize the sequence of events backward from a breach to normal operations. Every team member should know every button at their disposal to contain and withstand "unprecedented" cyberattacks.

These three techniques will change your breach readiness posture. The question to ponder if you succeed is, “Will your needs remain the same?”

Happy defending.

This post was originally published on Medium.

The post 2026 Is the Year to Be Breach Ready: Augment Cyber Resilience with Operational Excellence appeared first on ColorTokens.

*** This is a Security Bloggers Network syndicated blog from ColorTokens authored by Agnidipta Sarkar. Read the original post at: https://colortokens.com/blogs/breach-readiness-2026-cyber-resilience/


Source: https://securityboulevard.com/2026/01/2026-is-the-year-to-be-breach-ready-augment-cyber-resilience-with-operational-excellence/