Oftentimes security isn’t so much for the purpose of security, but for the appearance of safety. Security theatre exists solely to give people the feeling of safety than to really do anything to ensure it. This gives the bad guys free pass to accomplish illegal activities without any real restrains. The COVID vaccine card scam is only one example of that.
Cyber security incidents are not very different from these real-life instances. Security theatre too exists in the cyberspace, but it is the effective measures that stop a theft or scam from happening. Those are the ones that really count because for every attack that is stopped, ten more are prevented. When you catch a bad guy, you send out a warning to the others out there who were likely to follow.
Bruce Schneier has a very interesting piece on COVID vaccine fraud titled “Why Vaccine Cards Are So Easily Forged” in which he draws parallel between vaccination card scam and cybersecurity attacks explaining how security incidents are so common and how they can be prevented through actionable and effective security measures. He writes,
My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake. I could change the date on an old test, or put my name on someone else’s test, or even just make something up on my computer. After all, there’s no standard format for test results; airlines accept anything that looks plausible.
Read his thoughts on this in his article – “Why Vaccine Cards Are So Easily Forged” to know more.