The modern enterprise has embraced mobility as a growth driver. Employees, customers, and partners connect from anywhere, while internet of things (IoT) devices quietly enable everything from logistics to retail. This agility has transformed business.
But it has also exposed a blind spot that boards and executives rarely discuss: cellular connectivity.
While most business leaders are comfortable talking about the most prolific cybersecurity risks their organisations face, there is still a lack of awareness from some quarters surrounding the misuse of SIM-equipped sensors or telemetry devices.
Yet the scale of SIM-based cellular infrastructure is staggering, with millions of devices relying on SIM connectivity to function seamlessly. From vast national transportation systems with hundreds of thousands of SIMs ensuring real-time monitoring, to solar-powered street cameras tracking vehicle movement, the ecosystem is constantly expanding.
Stolen or misused SIMs can quietly rack up uncontrolled expenses
Even everyday objects – like vending machines, which have quietly been SIM-connected for decades – depend on this invisible network to transmit stock levels and payments. Modern vehicles push the scale even further, with each car generating gigabytes of telemetry data daily, in addition to powering in-car entertainment systems.
Nevertheless, cellular traffic often sits outside traditional zero trust strategies. That gap creates inconsistent policies, fragmented visibility, and exploitable vulnerabilities – and it’s quickly becoming a business risk that the C-suite cannot afford to ignore.
“Boards ask CIOs and CISOs, Do you know where our data is going? With cellular, the honest answer today is usually no,” explains Nathan Howe, global VP of innovation at Zscaler.
From boots to snacks – organisations left exposed to risk
That gap is already being exploited. Utilities suppliers like gas companies deploy firewalls, IT security systems, and physical controls, of course. But along highways and rail lines, thousands of sensors and release valves are connected via cellular. These devices, sitting in exposed locations, can become easy targets for bad actors.
“Attackers have physically removed the SIM cards from the devices, inserted them into personal phones, and exploited the connections,” says Nathan Howe.
This results in two damaging outcomes for the business.
“Malicious actors can attempt to use the hijacked SIMs as entry points into the wider operational technology environment, creating the potential for cyber-physical attacks with national-level consequences. And even without a targeted breach, stolen SIMs generate massive data bills as they can be used for streaming, social media and personal internet traffic – with the operator left footing the bill.”
Leaders who address the cellular gap today won’t just avoid tomorrow’s breaches – they’ll be best positioned to seize future opportunities
A real-world example of this occurred in the USA where a parking enforcement company discovered an unexpected vulnerability in the ‘boots’ used to immobilise cars. Each boot contained a SIM card to transmit telemetry and usage data back to the operator. But when individuals began prying open the devices, they found the SIMs could be removed and inserted into personal phones.
“Almost overnight, what was designed to send small amounts of operational data became a source of unlimited internet access. Beyond the immediate financial losses, the incident underscored a deeper issue: the company had assumed cellular connections carried little risk and required no additional protection,” says Howe.
Even a seemingly harmless vending machine can quickly become an unexpected attack vector. Modern vending machines often go far beyond simply dispensing products; they collect data on purchase patterns, foot traffic, and even use sensors and cameras to detect when people are standing nearby. Left unmanaged, this data can create detailed profiles of individuals, including on sensitive sites like military bases or government facilities. Compounding the issue, many organisations treat these machines as third-party services, leaving them blind to where the collected information is going or how it’s being used.
“These aren’t theoretical risks,” says Howe. “They’re happening today, in ways that directly hit the bottom line and reputation of organisations.”
Why the C-Suite should care
The risks tied to insecure SIM-based infrastructure cut straight to the heart of financial stewardship, regulatory compliance, and brand trust. Left unmanaged, these exposures can translate into unbudgeted costs, compliance failures and reputational fallout that no leadership team can afford to ignore.
“The financial risks are immediate and tangible. Stolen or misused SIMs can quietly rack up uncontrolled expenses, while outages or breaches in critical infrastructure may trigger regulatory fines or contractual penalties,” says Howe.
“Beyond compliance, reputation is also on the line. Customers and partners assume their data is protected wherever it travels, and a breach involving overlooked cellular channels could erode trust with regulators, partners and the public. For senior leaders, the message is clear: cellular security isn’t just an IT problem, it’s a boardroom issue.”
Extending zero trust to cellular
The solution is to close this gap by extending zero trust principles to cellular. Zscaler Cellular does this by embedding enterprise-grade security directly into the SIM.
For leaders, the business case is compelling:
- Consistency: one policy across corporate networks, cloud, and cellular.
- Visibility: clear insight into device behaviour and data flows.
- Simplicity: no carrier backhauls or complex integrations – one SIM routes everything through the Zero Trust Exchange.
- Resilience: partnerships with 530+ carriers ensure continuity even during outages.
- Compliance: demonstrable protection of data in motion, ready for regulators.
“It’s a simple idea with huge impact,” says Howe. “Put in a Zscaler SIM, and instantly you bring that device under the same zero-trust umbrella as the rest of your enterprise. No more blind spots.”
From risk to strategic advantage
It falls to business leaders to protect the financial integrity of their organisations by preventing uncontrolled costs, as mobility and IoT adoption accelerate.
However, while each new cellular-connected sensor device adds risk, it can also create opportunity. Securing cellular can help scale mobility, IoT and digital transformation initiatives through visibility and resilience, delivering organisations a competitive advantage.
“Resilience isn’t just about cloud backups or firewalls anymore. It’s about making sure every connection – including cellular – is trusted and controlled,” says Howe. “Leaders who address the cellular gap today won’t just avoid tomorrow’s breaches – they’ll be best positioned to seize future opportunities.”
As enterprises continue to expand their digital ecosystems, cellular must no longer be the unspoken blind spot in security strategies. By bringing SIM-based connections under a zero-trust model, leaders can contain hidden risks while building the foundation for stronger resilience and smarter growth.
The modern enterprise has embraced mobility as a growth driver. Employees, customers, and partners connect from anywhere, while internet of things (IoT) devices quietly enable everything from logistics to retail. This agility has transformed business.
But it has also exposed a blind spot that boards and executives rarely discuss: cellular connectivity.
While most business leaders are comfortable talking about the most prolific cybersecurity risks their organisations face, there is still a lack of awareness from some quarters surrounding the misuse of SIM-equipped sensors or telemetry devices.
