The hidden risks of cellular connectivity: Why intelligent control is the new security imperative

Ten and a half million—or 1.79 per person—that’s how many Singapore active cellular mobile connections had in early 2025, according to DataReportal’s Global Digital Insights. Behind this staggering figure lies a troubling reality: countless cellular-connected devices operate in complete darkness, invisible to the security teams responsible for protecting them.

Across Singapore’s modernized infrastructure, from autonomous vehicles to smart water metres and automated immigration checkpoints, these devices communicate silently across public and private networks. With the country’s renewed Smart Nation ambitions driving momentum, Singapore’s IoT market is expected to grow to US$4.51 billion by 2029, as projected by Statista. This invisible communication is happening at unprecedented scale—and often without the awareness or oversight from the organizations that own them.

While many people assume mobile networks are inherently secure regardless of visibility, the reality is far more complex. These cellular endpoints operate beyond the reach of traditional security tools, leaving organizations far more vulnerable than most realize.

So, it urgently begs the question: Do you know what your organization’s cellular-connected devices are doing right now? And more importantly, are they doing what they should?

Outdated assumptions, invisible threats

Many organizations believe that once a device or thing connects to a cellular network, it’s automatically under control. In reality, active Subscriber Identity Module (SIMs) can transmit data freely across borders and networks with minimal visibility or restriction. This false sense of security exposes businesses to compliance violations and cyber threats, especially when location-based or behavioral policy enforcement is required.

Although mobile carriers do offer some network-level protections, they’re not necessarily tailored to the specific applications or sensitive data these devices can handle. Cellular endpoints often run multiple software components, generating outbound traffic that traditional tools can’t see or manage. Without visibility into what these devices are doing or transmitting, security teams cannot detect unusual activity, enforce access policies, or respond effectively to emerging risks. Instead, the implicit trust in mobile connectivity expands the attack surface, increasing risk and causing operational issues.

To compensate, organizations often fall back on legacy security solutions—firewalls, VPNs, and backhaul networks—that add complexity and cost without delivering the real-time, granular control modern environments demand. Once connected, these devices are still allowed to communicate too freely, violating proactive zero-trust principles that require strict verification of every interaction and full visibility across the network. With protection under more scrutiny and pressure than ever before, this is a scenario that organizations simply cannot afford to let continue.

Visibility by design, not by patchwork

True protection starts with visibility. Knowing exactly what your cellular things are doing is the foundation for securing mobile and IoT environments in an increasingly sprawling, connected world.

Gaining this knowledge requires a zero-trust solution that can route all device traffic through a unified platform, delivering real-time inspection and policy enforcement of every single data packet at the edge. Rather than having to wait for traffic to reach a network hub or firewall before it can be evaluated, this complete transparency means businesses can see exactly where each device connects from, what it’s communicating with, and how security policies should be applied to it in real-time, all before any data leaves the device. This is what we at Zscaler call ‘visibility by design’.

Cellular control made simple

Beyond visibility, bringing zero trust to devices that previously operated in a blind spot enables organizations to make the vital shift from blind trust in mobile networks to informed control over every connection.

Integrating connectivity and zero-trust security means there’s no need for complex infrastructure or manual configuration. Security is embedded at the SIM or eSIM level, enabling precise, context-aware controls based on identity, location, behavior, or risk. For example, a SIM can be restricted to operate only within specific countries or regions, preventing unauthorized roaming or data exfiltration. Anomaly detection can flag or block suspicious activity such as attempts to access disallowed resources or connect from unexpected locations, ensuring consistent protection across the globe without operational overhead.

Built-in protection that moves with you

The granular level of control zero trust provides empowers businesses to define exactly what needs protection—be it a cloud app, IoT sensor, EV charger, or any sort of vehicle—and then enforce that built-in protection no matter where the device travels to.

This isn’t theoretical—it’s already transforming industries.

In retail, for example, a company in the Philippines implemented Zscaler’s zero-trust solutions in its network of point-of-sale systems. This streamlined operations, cutting down troubleshooting time from three hours to just fifteen minutes. Beyond minimising cyber risk and maintenance overheads, the retailer also gained deeper visibility into store-level transactions. By addressing “grey” sales that had previously resulted in revenue leakage, the company saves US$5 million monthly.

In manufacturing, enterprises are using this new approach to shield ERP systems. It enables secure, uninterrupted access to critical data on the factory floor via hand scanners and tablets, all governed by zero-trust policy-based controls.

Infrastructure monitoring is another area being transformed by zero-trust protection. Sensors embedded in buildings and bridges are being secured via this approach to ensure data integrity and continuous service availability. With multi-carrier failover and unified security, organizations stay resilient against outages, cyberattacks, and interference.

The end of network guesswork

Visibility identifies the need. Control defines the rules. Protection enforces them.

With zero trust cellular oversight, organizations gain a powerful layer of defence that governs every connection—no matter where it originates or ends. This enables them to confidently deliver on the promise of ubiquitous, secure connectivity—anywhere, on any device, and with every asset protected.

Nathan Howe is Global VP of Emerging Technologies at Zscaler.

TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.

Featured image: Kabiur Rahman Riyad on Unsplash

Sustainability and technology: The role of digital tools in building greener businesses